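Netkiller Linux Advanced Notes
Longhua Town, Bao'an District, Shenzhen, Guangdong Province, China
518109
+86 755 29812080
+86 755 29812080
<openunix@163.com>
Document source
http://netkiller.sf.net/
http://netkiller.hikz.com/
http://netkiller.homelinux.org/
Copyright © 2006, 2007, 2008, 2009, 2010 Netkiller (Neo Chan). All rights reserved.
Copyright notice
To reprint, please contact the author. Reprints must clearly cite the original source of the article, the author information and this notice.
Abstract
This document covers Linux system administration and configuration, including:
1. DNS servers, proxy servers, firewalls, VPN
2. Web servers: lighttpd, apache, fastcgi, mod_php, mod_perl
3. Database servers: mysql/mysql cluster, postgresql
4. Data synchronization, mirroring, backup, restore
5. System/network monitoring
6. Clusters, load balancing
Advice to Linux beginners
The thing to avoid most on Linux is reboot (restarting); it is a bad habit of Windows users.
Once a Linux machine is plugged in, stop thinking about the reboot, shutdown, halt and poweroff commands. Linux systems and application software generally provide reload, reconfigure, restart/start/stop and so on; there is no need to reboot the computer after installing software or configuring a server.
On Linux the SIGHUP signal is defined to mean "reload the configuration file". Some programs provide no reload argument; you can send the process the HUP signal to make it reload its configuration file instead of restarting it. pkill, killall and kill can all send the HUP signal, for example: pkill -HUP httpd
Document series
Below are documents compiled from the experience I have accumulated over many years, for everyone's reference:
Acknowledgements
Table of Contents
Preface
Purpose of this document
Overview
Intended audience
About the author
Contacting the author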
1. Introduction
Open Source and License
Distribution information
Linux Installation
I. System
2. Ubuntu Server Edition
3. CentOS - The Community ENTerprise Operating System
II. Network Application
4. network tools
curl / w3m / lynx
iptraf - Interactive Colorful IP LAN Monitor
5. Host
/etc/host.conf
/etc/hosts
hosts.allow / hosts.deny
/etc/resolv.conf
6. IP And Router
netmask
iproute2
Add a route
Delete a route
Change a route
Add a default route
cache
Policy routing
Load balancing
MASQUERADE
ip tunnel
VLAN
Zebra
7. DHCP
DHCP Server
dhclient
release matching connections
8. DNS/Bind
bind9
Load Balancing
view
tools
9. Proxy Server
Apache Proxy
Squid - Internet Object Cache (WWW proxy cache)
Installing from source
debian/ubuntu installation
Configuration
Squid administration
Preventing pages from being cached
Squid practical examples
Web page proxy
Surrogafier
CGIproxy
PHPProxy
BBlocked
Glype
Zelune
SOCKS
Socks5
dante-server - SOCKS (v4 and v5) proxy daemon(danted)
hpsockd - HP SOCKS server
10. Point to Point
download
rtorrent - ncurses BitTorrent client based on LibTorrent
mldonkey-server - Door to the 'donkey' network
amule - client for the eD2k and Kad networks, like eMule
11. News Group (innd)
User Authentication
usenet administration
Connecting over SSL
src.rpm installation
12. IRC - Internet Relay Chat
IRC Commands
ircd-irc2 - The original IRCNet IRC server daemon
ircd-hybrid
IRC Client
ircII - interface to the Internet Relay Chat system
13. jabber
ejabberd - Distributed, fault-tolerant Jabber/XMPP server written in Erlang
ejabberdctl
DJabberd
freetalk - A console based Jabber client
Developer
python-xmpp
14. NET SNMP (Simple Network Management Protocol)
Installing SNMP
Listing the MIB
SNMP v3
Cacti
15. Network Authentication
Network Information Service (NIS)
Installing the NIS server
Slave NIS Server
Client software installation
Authentication Configuration
application example
Mount /home volume from NFS
OpenLDAP
Server
Client
User and Group Management
Kerberos
Kerberos installation
Kerberos Server
Kerberos Client
Kerberos Management
OpenSSH Authentications
FreeRADIUS
ldap
mysql
WPA2 Enterprise
16. Sniffer
nmap - Network exploration tool and security / port scanner
tcpdump - A powerful tool for network monitoring and data acquisition
Monitor the network but exclude SSH port 22
Debian/Ubuntu
Installing Resin from source
Compiling mod_caucho.so
28. Application Service
Zope
JBoss - JBoss Enterprise Middleware
29. Search Engine
Solr
Embedded Jetty
Jetty
Tomcat
solr-php-client
multicore
Chinese word segmentation
Nutch
30. Web Server Optimization
ulimit
open files
php.ini
Resource Limits
File Uploads
Session Shared
PATHINFO
APC Cache (php-apc - APC (Alternative PHP Cache) module for PHP 5)
Zend Optimizer
eaccelerator
Memcached
Compiling and installing
debian/ubuntu
khttpd
31. Web Analysis
Comprehensive testing
awstats
webalizer
32. varnish - a state-of-the-art, high-performance HTTP accelerator
Varnish Install
status
varnishadm
Purging the cache
log file
IV. File Transfer, Synchronize, Storage And Backup/Restore
33. Download Tools
wget - retrieves files from the web
Download all images
axel - A light download accelerator - Console version
34. FTP (File Transfer Protocol)
ncftp
batch command
ncftpget
ncftpput
FileZilla
vsftpd - The Very Secure FTP Daemon
ProFTPD + MySQL / OpenLDAP user authentication
Proftpd + MySQL
Proftpd + OpenLDAP
Pure-FTPd + LDAP + MySQL + PGSQL + Virtual-Users + Quota
35. Samba
install
smb.conf
Security consideration
by Example
share
user
test
nmblookup - NetBIOS over TCP/IP client used to lookup NetBIOS names
smbfs/smbmount/smbumount
smbclient - ftp-like client to access SMB/CIFS resources on servers
List shared directories
Access shared resources
User login
smbtar - shell script for backing up SMB/CIFS shares directly to UNIX tape drives
FAQ
smbd/service.c:make_connection_snum(1013)
36. File Synchronize
rsync - fast remote file copy program (like rcp)
install with source
configure
Starting
Using
Coda
GlusterFS
MogileFS
Lustre
Hadoop - HDFS
V. Monitor and Assistant
41. System
pmap - report memory map of a process
Webmin
logwatch
nmon
nulog
42. Network
Cacti
Nagios
BIG BROTHER
Bandwidth
OpenNMS
43. Web
awstats
webalizer
44. Zenoss
45. Ganglia
VI. Cluster / Load Balancing
46. Linux Virtual Server
Environment setup
VS/NAT
VS/TUN
VS/DR
Configuration file
ipvsadm script
debug
ipvsadm monitor
47. keepalived
Installation
test
48. heartbeat+ldirectord
49. HAProxy - fast and reliable load balancing reverse proxy
VII. Multimedia
50. ImageMagick
install
convert
Batch conversion
resize
51. GraphicsMagick
52. How to add metadata to digital pictures from the command line
53. broadcast streaming
gnump3d - A streaming server for MP3 and OGG files
icecast2 - Ogg Vorbis and MP3 streaming media server
installation from source
shoutcast
PeerCast
54. To convert multimedia format
To convert .rm files to .mp3
encode to Macromedia Flash format
55. Voice over IP
Gnu Gatekeeper
Gnu Gatekeeper Install
Gnu Gatekeeper Configure
Gnu Gatekeeper Test
Asterisk (OpenSource Linux PBX that supports both SIP and H.323)
OpenSER SIP Server
56. Open Source Distributed Computing
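Boinc (Berkeley distributed computing platform)
ubuntu apt-get installation
rc.local
A. Appendix
Reference documents
Linux download rankings
B. Revision history
List of tables
List of examples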
19.1. server.conf
19.2. client.conf
19.3. server.ovpn
19.4. client.ovpn
19.5. openvpn.conf
19.6. office.conf
19.7. home.ovpn
23.1. /etc/init.d/lighttpd
23.2. fastcgi.conf
25.1. index.php
25.2. php memcache
25.3. php openssl
25.4. autolamp.sh
25.5. mod_perl.conf
26.1. /etc/profile.d/java.sh
26.2. /etc/rc.d/init.d/www
29.1. /etc/profile.d/java.sh
30.1. /etc/init.d/memcached
36.1. examples
36.2. backup to a central backup server with 7 day incremental
36.3. backup to a spare disk
36.4. mirroring vger CVS tree
36.5. automated backup at home
36.6. Fancy footwork with remote file lists
36.7. /etc/csync2.cfg
41.1. nmon
41.2. config.php
42.1. cacti config.php
47.1. keepalived.conf
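Preface
Purpose of this document
Why write this document
I have many ideas that I cannot put into practice and that I do not need at work, so I wanted to write them down and share them with everyone. I write a bit whenever I have a bit; it is not well written, so treat it as study notes.
This document is a summary of the author's 8 years of work, accumulated bit by bit. Some notes have been lost, so it is not complete.
Because work is very busy, the material is being organized slowly.
My current work covers a fairly narrow area, so there are few new documents.
I now spend less and less time on technology, and my interest has shifted to photography. I would also like to write about what I have learned in photography.
I write whatever comes to mind, so you will find the document has no central theme: a bit here today, and tomorrow I skip this chapter and write something else.
The document has plenty of examples, which is useful for those who like to copy and paste: no need to type them yourself, and it saves time.
Theory is all over the Internet, so I do not write it here; look it up online if you need it.
I tend to write wrong characters, and some are typing mistakes; please point them out if you find any.
Most of the experiments in this document were done on Debian/Ubuntu/Redhat AS.
Overview
The current document is rather miscellaneous and covers a wide range of topics.
Over time I will split some of its chapters into new documents.
Summary of the contents: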
1. Network
2. Security
3. Web Application
4. Database
5. Storage And Backup/Restore
6. Cluster
7. Developer
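Intended audience
The intended readers of this document:
This document is aimed at all readers. You can read just the chapters you need without reading the whole thing, since some chapters may not be useful to you; look things up when you need them and skip what you do not need for now.
Readers fall roughly into these groups:
1. Architects
2. System administrators
3. System support and deployment engineers
Whoever you are and whatever you do, I hope reading this document will be of some help to you.
About the author
Home page: http://netkiller.sourceforge.net, http://netkiller.hikz.com, http://netkiller.8800.org
2001: came to Shenzhen to work, becoming a migrant worker.
2002: I realized that keeping my head down and working hard is not enough; burying myself in technology was a mistake, and I also had to learn how to deal with people.
2003: the worst year; the company owed me 16,000 yuan in wages, and after two lawsuits it was only paid off in 2005.
2004: joined a distributed computing team; results so far
October 2004: took up outdoor activities and photography
June 2005: became a member of the Chinese Radio Sports Association
2006: after so many years of single life, finally settled down.
2007: prices rose; cannot afford a house or a car; decades of hard work and back to square one overnight
2010: became interested in electronic percussion and plan to learn the drum kit
Contacting the author
Mobile: +86 13113668890
Note: please do not ask me installation questions!
E-Mail: openunix@163.com
IRC irc.freenode.net #ubuntu / #ubuntu-cn
Yahoo: bg7nyt
ICQ: 101888222
AIM: bg7nyt
TM/QQ: ask me
MSN: ask me
G Talk: ask me
NetEase Popo: openunix
To fellow hams:
Radio amateurs are also welcome to QSO with me. My QTH is 10F, Pingguoyuan, Longhua, Shenzhen; equipment: YAESU FT-50R, FT-60R, FT-7800 144-430 dual-band rig, telescopic antenna/GP antenna Nagoya MAG-79EL-3W/Yagi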
Chapter 1. Introduction
Debian/Ubuntu
http://www.ubuntu.com
Gentoo
http://www.gentoo.org/
GPLv3: you can use it for free, but modifications must be released as open source, and closed-source commercial code may not be added.
BSD: you can use it for free, modifications need not be open-sourced, and you can basically do as you please.
Distribution information
To find your Ubuntu version: lsb_release -a
neo@netkiller:~$ lsb_release -a
Linux Installation
partition
volume size
/ 20G
/home 30G
/opt 100G
swap memory * 2
Part I. System
Chapter 2. Ubuntu Server Edition
Chapter 3. CentOS - The Community ENTerprise Operating System
Part II. Network Application
Windows Server
Windows Client
point-to-point VPNs
Installing from source
vpn examples
20. pptpd
21. Ipsec VPN
openswan - IPSEC utilities for Openswan
strongswan - IPSec utilities for strongSwan
ipsec-tools - IPsec tools for Linux
22. Stunnel - universal SSL tunnel
Chapter 4. network tools
curl http://netkiller.8800.org
w3m
w3m http://netkiller.8800.org
lynx
lynx http://netkiller.8800.org
iptraf - Interactive Colorful IP LAN Monitor
Chapter 5. Host
/etc/host.conf
Name resolution order configuration file
Look in the /etc/hosts file first; if the name is not found there, query the DNS server
/etc/hosts
Put a TAB after the IP address, then write the host name
hosts.allow / hosts.deny
/etc/hosts.allow and /etc/hosts.deny
Allowed IPs / denied IPs; equivalent to a whitelist and a blacklist
/etc/resolv.conf
search example.com
nameserver 208.67.222.222
nameserver 208.67.220.220
Chapter 6. IP And Router
netmask
# iptab
+----------------------------------------------+
| addrs bits pref class mask |
+----------------------------------------------+
| 1 0 /32 255.255.255.255 |
| 2 1 /31 255.255.255.254 |
| 4 2 /30 255.255.255.252 |
| 8 3 /29 255.255.255.248 |
| 16 4 /28 255.255.255.240 |
| 32 5 /27 255.255.255.224 |
| 64 6 /26 255.255.255.192 |
| 128 7 /25 255.255.255.128 |
| 256 8 /24 1C 255.255.255.0 |
| 512 9 /23 2C 255.255.254.0 |
| 1K 10 /22 4C 255.255.252.0 |
| 2K 11 /21 8C 255.255.248.0 |
| 4K 12 /20 16C 255.255.240.0 |
| 8K 13 /19 32C 255.255.224.0 |
| 16K 14 /18 64C 255.255.192.0 |
| 32K 15 /17 128C 255.255.128.0 |
| 64K 16 /16 1B 255.255.0.0 |
| 128K 17 /15 2B 255.254.0.0 |
| 256K 18 /14 4B 255.252.0.0 |
| 512K 19 /13 8B 255.248.0.0 |
| 1M 20 /12 16B 255.240.0.0 |
| 2M 21 /11 32B 255.224.0.0 |
| 4M 22 /10 64B 255.192.0.0 |
| 8M 23 /9 128B 255.128.0.0 |
| 16M 24 /8 1A 255.0.0.0 |
| 32M 25 /7 2A 254.0.0.0 |
| 64M 26 /6 4A 252.0.0.0 |
| 128M 27 /5 8A 248.0.0.0 |
| 256M 28 /4 16A 240.0.0.0 |
| 512M 29 /3 32A 224.0.0.0 |
| 1024M 30 /2 64A 192.0.0.0 |
| 2048M 31 /1 128A 128.0.0.0 |
| 4096M 32 /0 256A 0.0.0.0 |
+----------------------------------------------+
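iproute2
add: add a route
del: delete a route
via: gateway egress, IP address
dev: gateway egress, physical device name
Add a route
Delete a route
Change a route
Add a default route
192.168.0.1 is my default router
cache
Policy routing
For example, our Linux machine has 3 network interfaces
eth0: 192.168.1.1 (LAN)
eth1: 172.17.1.2 (default gw=172.17.1.1, can reach the Internet)
eth2: 192.168.10.2 (connected to the second router 192.168.10.1, can also reach the Internet)
Two goals:
1. Have 192.168.1.66 reach the Internet through the second router, while everyone else uses the default route
2. When anyone accesses FTP on 192.168.1.1, redirect it to 192.168.10.96
Configuration: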
vi /etc/iproute2/rt_tables
#
# reserved values
#
255 local
254 main
253 default
100 ROUTE2
http://phorum.study-area.org/viewtopic.php?t=10085
Quote:
# External network interface
EXT_IF="eth0"
# HiNet IP
EXT_IP1="111.111.111.111"
EXT_MASK1="24"
GW1="111.111.111.1"
# SeedNet IP
EXT_IP2="222.222.222.222"
EXT_MASK2="24"
GW2="222.222.222.1"
# Set the IPs
ip addr add $EXT_IP1/$EXT_MASK1 dev $EXT_IF
ip addr add $EXT_IP2/$EXT_MASK2 dev $EXT_IF
# Flush the route cache
ip route flush cache
The ip rule in that post is used in the same way
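One way to reach the two goals above with the ROUTE2 table, as an added example that is not from the original page or the quoted post. The 192.168.10.0/24 network on eth2 and the MASQUERADE rule are assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page: print (or with --apply, run) the
# commands for the two goals above. Assumptions not stated on the page: the
# network on eth2 is 192.168.10.0/24, and MASQUERADE on eth2 is used so that
# replies come back through this router.

is_ipv4() {                        # dotted quad, every octet 0-255
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i == "" || $i + 0 > 255) exit 1 }'
}

is_cidr() {                        # a.b.c.d/len with len 0-32
    case $1 in */*) ;; *) return 1 ;; esac
    len=${1##*/}
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] && is_ipv4 "${1%/*}"
}

is_name() {                        # interface or table name, no shell metacharacters
    case $1 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

# usage: policy_route_cmds SRC_HOST GW2 IF2 TABLE NET2 FTP_ADDR FTP_REAL
policy_route_cmds() {
    is_ipv4 "$1" && is_ipv4 "$2" && is_name "$3" && is_name "$4" &&
        is_cidr "$5" && is_ipv4 "$6" && is_ipv4 "$7" || {
        echo "policy_route_cmds: bad argument" >&2
        return 1
    }
    # Goal 1: a separate table whose default route is the second router, and a
    # rule that sends only SRC_HOST to that table. Goal 2: DNAT for FTP control.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip route add $5 dev $3 table $4
ip route add default via $2 dev $3 table $4
ip rule add from $1/32 table $4
ip route flush cache
iptables -t nat -A POSTROUTING -o $3 -j MASQUERADE
iptables -t nat -A PREROUTING -d $6 -p tcp --dport 21 -j DNAT --to-destination $7
EOF
}

if [ "${1:-}" = "--apply" ]; then  # needs root; review the printed plan first
    policy_route_cmds 192.168.1.66 192.168.10.1 eth2 ROUTE2 192.168.10.0/24 \
        192.168.1.1 192.168.10.96 | sh -ex
else
    policy_route_cmds 192.168.1.66 192.168.10.1 eth2 ROUTE2 192.168.10.0/24 \
        192.168.1.1 192.168.10.96
fi
```

FTP data connections additionally need the conntrack FTP NAT helper on the router; how it is loaded depends on the kernel version.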
Load balancing
ip route add default scope global nexthop dev ppp0 nexthop dev ppp1
neo@debian:~$ sudo ip route add default scope global nexthop via 192.168.3.1 dev eth0 weight 1 \
nexthop via 192.168.5.1 dev eth2 weight 1
ip route add default scope global nexthop via $P1 dev $IF1 weight 1 \
nexthop via $P2 dev $IF2 weight 1
MASQUERADE
iptables -t nat -A POSTROUTING -d 192.168.1.0/24 -s 0/0 -o ppp0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 202.103.224.58
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
ip tunnel
ipip is the IP tunnel module
1. server 1
modprobe ipip
ip tunnel add mytun mode ipip remote 220.201.35.11 local 211.100.37.167 ttl 255
ifconfig mytun 10.42.1.1
route add -net 10.42.1.0/24 dev mytun
2. server 2
modprobe ipip
ip tunnel add mytun mode ipip remote 211.100.37.167 local 220.201.35.11 ttl 255
ifconfig mytun 10.42.1.2
route add -net 10.42.1.0/24 dev mytun
3. nat
Delete the routing table entry
Change the IP of the IP tunnel
IP masquerading
VLAN
First make sure the 802.1q kernel module is loaded
Once it is loaded, the directory /proc/net/vlan is created
Zebra
http://www.zebra.org/
Chapter 7. DHCP
DHCP Server
eth0 public IP
The contents of dhcpd.conf are as follows:
#Sample /etc/dhcpd.conf
default-lease-time 1200;
max-lease-time 19200;
option domain-name-servers 202.102.192.68,202.102.199.68;
#option domain-name "test.test";
ddns-update-style ad-hoc;
dhclient
all interface
$ sudo dhclient
eth0
release matching connections
Chapter 8. DNS/Bind
bind9
neo@master:~$ # apt-get install bind9
named.conf.local.neo.org
zone "neo.org" in {
type master;
file "db.neo.org";
};
zone "0.16.172.in-addr.arpa" in {
type master;
file "db.172.16.0";
};
/var/cache/bind/db.neo.org
NS ns.neo.org.
@ IN A 172.16.0.1
www IN A 172.16.0.1
mail IN A 172.16.0.1
@ MX 10 mail.neo.org.
/var/cache/bind/db.172.16.0
1 PTR www1.neo.org.
2 PTR www2.neo.org.
3 PTR www3.neo.org.
neo@master:~$
/etc/resolv.conf
Load Balancing
Load Balancing (DNS round-robin load balancing)
Bind 8
www1 IN A 172.16.0.1
www2 IN A 172.16.0.2
www3 IN A 172.16.0.3
www4 IN A 172.16.0.4
Bind 9
NS ns.neo.org.
@ IN A 192.168.0.1
web IN A 192.168.0.1
mail IN A 192.168.0.1
@ MX 10 mail.neo.org.
www IN A 172.16.0.1
www IN A 172.16.0.2
www IN A 172.16.0.3
www IN A 172.16.0.4
www IN A 10.50.1.110
www IN A 10.50.1.131
www IN A 10.50.1.122
neo@master:~$
view
acl "cnc_view" {
220.250.21.86;
216.93.170.17;
216.93.160.16;
210.53.31.2;
218.104.224.106;
218.66.59.233;
218.66.102.93;
202.101.98.55;
};
view "cnc" {
match-clients { "cnc_view"; };
recursion yes;
zone "." { type hint; file "named.root"; };
zone "netkiller.org.cn" { type master; file "cnc/netkiller.org.cn" ; };
};
view "no_cnc" {
match-clients { any; };
recursion yes;
zone "netkiller.org.cn" { type master; file "telecom/netkiller.org.cn"; };
zone "." { type hint; file "named.root"; };
};
tools
nslookup
;; QUESTION SECTION:
;netkiller.8800.org. IN A
;; ANSWER SECTION:
netkiller.8800.org. 14353 IN A 220.201.35.11
;; AUTHORITY SECTION:
8800.org. 86398 IN NS ns1.3322.net.
8800.org. 86398 IN NS ns2.3322.net.
;; ADDITIONAL SECTION:
ns1.3322.net. 166302 IN A 61.177.95.125
ns2.3322.net. 166298 IN A 222.185.245.254
[root@testing neo]#
Chapter 9. Proxy Server
Apache Proxy
proxy.conf
<IfModule mod_proxy.c>
# ProxyRequests On enables forward proxying
#ProxyRequests Off
ProxyRequests On
<Proxy *>
Order deny,allow
Deny from all
#Allow from .your_domain.com
# With Order deny,allow, "Allow from all" overrides the Deny line above,
# so any client can use the forward proxy
Allow from all
</Proxy>
ProxyVia On
# To enable the cache as well, edit and uncomment the following lines:
# (no caching without CacheRoot)
CacheRoot "/var/cache/apache2/proxy"
CacheSize 5
CacheGcInterval 4
CacheMaxExpire 24
CacheLastModifiedFactor 0.1
CacheDefaultExpire 1
# Again, you probably should change this.
#NoCache a_domain.com another_domain.edu joes.garage_sale.com
</IfModule>
VirtualHost
<VirtualHost *>
ServerAdmin openunix@163.com
DocumentRoot /home/netkiller/public_html
ServerName netkiller.8800.org
ErrorLog /home/netkiller/log/netkiller.8800.org-error_log
CustomLog /home/netkiller/log/netkiller.8800.org-access_log common
ProxyPass /mirror/1/ http://netkiller.hikz.com/
ProxyPassReverse /mirror/1/ http://netkiller.hikz.com/
<Location /repos>
DAV svn
SVNPath /home/netkiller/repos
</Location>
</VirtualHost>
<VirtualHost *:*>
ServerAdmin openunix@163.com
ServerName mirror.netkiller.8800.org
ErrorLog /home/netkiller/log/netkiller.8800.org-error_log
CustomLog /home/netkiller/log/netkiller.8800.org-access_log common
ProxyPass / http://netkiller.hikz.com/
ProxyPassReverse / http://netkiller.hikz.com/
</VirtualHost>
Test http://netkiller.8800.org/mirror/1/ and mirror.netkiller.8800.org
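A check for the access-control combination in the proxy.conf above, as an added example that is not from the original page: ProxyRequests On together with Allow from all under Order deny,allow lets any client use the server as a forward proxy, while the ProxyPass virtual hosts do not need ProxyRequests at all. The function names are hypothetical and the second sample config is constructed.

```shell
#!/bin/sh
# Added example, not from the original page: classify the forward-proxy
# exposure of an Apache config read on stdin as "off", "restricted" or "open".
# Only ProxyRequests and the <Proxy *> container are examined, with Apache 2.2
# Order/Allow/Deny or 2.4 Require (assumption: no other access control applies).

audit_forward_proxy() {
    awk '
        { sub(/^[ \t]+/, ""); line = tolower($0) }
        line ~ /^#/ || line == ""             { next }
        line ~ /^proxyrequests[ \t]/          { fwd = (line ~ /[ \t]on[ \t]*$/) }
        line ~ /^<proxy[ \t]+"?\*"?[ \t]*>/   { inside = 1; next }
        line ~ /^<\/proxy>/                   { inside = 0; next }
        !inside                               { next }
        line ~ /^order[ \t]/ { order = line; gsub(/^order|[ \t]/, "", order) }
        line ~ /^allow[ \t]+from[ \t]+all[ \t]*$/ { allow_all = 1 }
        line ~ /^deny[ \t]+from[ \t]+all[ \t]*$/  { deny_all = 1 }
        line ~ /^require[ \t]/ {
            req = 1
            if (line ~ /^require[ \t]+all[ \t]+granted[ \t]*$/) granted = 1
        }
        END {
            if (!fwd)
                verdict = "off"
            else if (req)                       # Apache 2.4 style
                verdict = granted ? "open" : "restricted"
            else if (order == "allow,deny")     # Deny wins, default is deny
                verdict = (allow_all && !deny_all) ? "open" : "restricted"
            else                                # deny,allow: Allow wins, default is allow
                verdict = (deny_all && !allow_all) ? "restricted" : "open"
            print verdict
        }'
}

page_proxy_conf() {        # the access-control lines of proxy.conf as shown above
    cat <<'EOF'
<IfModule mod_proxy.c>
#ProxyRequests Off
ProxyRequests On
<Proxy *>
    Order deny,allow
    Deny from all
    #Allow from .your_domain.com
    Allow from all
</Proxy>
</IfModule>
EOF
}

restricted_proxy_conf() {  # constructed: the commented-out Allow line enabled instead
    cat <<'EOF'
ProxyRequests On
<Proxy *>
    Order deny,allow
    Deny from all
    Allow from .your_domain.com
</Proxy>
EOF
}

echo "page config:       $(page_proxy_conf | audit_forward_proxy)"
echo "restricted config: $(restricted_proxy_conf | audit_forward_proxy)"
```

To check a real file, feed it on stdin, for example `audit_forward_proxy < proxy.conf`.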
cache_vary on
Installing from source
wget http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE13.tar.gz
./configure --prefix=/usr/local/squid-2.6
make all
make install
mkdir -p /usr/local/squid-2.6/var/cache
chown nobody.nobody -R /usr/local/squid-2.6/var/
ln -s /usr/local/squid-2.6 /usr/local/squid
cd /usr/local/squid
./squid -NCd1
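debian/ubuntu installation
Configuration
Viewing the current configuration parameters
When you open the squid.conf file it can be overwhelming, because the file is very long and some parameters are already enabled. You can use the command below to see which parameters are enabled.
Below are the options enabled by default after installing squid3
coredump_dir /var/spool/squid3
Back up squid.conf before modifying it.
Generate your own squid.conf file, which is clearer
Proxy server
Adding authentication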
#
# Add this to the auth_param section of squid.conf
#
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
#
# Add this to the bottom of the ACL section of squid.conf
#
acl ncsa_users proxy_auth REQUIRED
acl business_hours time M T W H F 9:00-17:00
#
# Add this at the top of the http_access section of squid.conf
#
http_access allow ncsa_users business_hours
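Configure your browser and test
Squid as a reverse-proxy cache server (Reverse Proxy)
Here apache and squid are installed on the same server
Procedure 9.1. Configuration steps
1. Configure the Apache listening port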
netkiller@Linux-server:~$ cd /etc/apache2/
netkiller@Linux-server:/etc/apache2$ sudo cp ports.conf ports.conf.old
netkiller@Linux-server:/etc/apache2$ sudo vi ports.conf
Listen 8080
Listen 443
netkiller@Linux-server:/etc/apache2$ sudo /etc/init.d/apache2 restart
 * Forcing reload of apache 2.0 web server... [ ok ]
netkiller@Linux-server:/etc/apache2$
After the restart/reload, test it
http://localhost:8080/
2. Versions before squid 2.5
netkiller@Linux-server:/etc/apache2$ cd ../squid/
netkiller@Linux-server:/etc/squid$ sudo vi squid.conf
http_port 80
httpd_accel_host localhost
httpd_accel_port 8080
httpd_accel_single_host on
httpd_accel_with_proxy on
httpd_accel_uses_host_header off
netkiller@Linux-server:/etc/squid$ sudo /etc/init.d/squid reload
* Reloading Squid configuration files
...done.
netkiller@Linux-server:/etc/squid$
Caching for the public host 220.201.35.11:80
netkiller@Linux-server:/etc/apache2$ cd ../squid/
netkiller@Linux-server:/etc/squid$ sudo vi squid.conf
http_port 80
httpd_accel_host 220.201.35.11
httpd_accel_port 80
httpd_accel_single_host on
httpd_accel_with_proxy on
httpd_accel_uses_host_header off
netkiller@Linux-server:/etc/squid$ sudo /etc/init.d/squid reload
* Reloading Squid configuration files
...done.
netkiller@Linux-server:/etc/squid$
Caching for multiple hosts
netkiller@Linux-server:/etc/apache2$ cd ../squid/
netkiller@Linux-server:/etc/squid$ sudo vi squid.conf
http_port 80
httpd_accel_host virtual
httpd_accel_port 8080
httpd_accel_single_host on
httpd_accel_with_proxy on
httpd_accel_uses_host_header off
netkiller@Linux-server:/etc/squid$ sudo /etc/init.d/squid reload
* Reloading Squid configuration files
...done.
netkiller@Linux-server:/etc/squid$
3. Configuration for versions after squid 2.6
localhost
Other hosts
4. Versions 2.7/3.0
visible_hostname netkiller.8800.org
5. Notes
ERROR
* Access Denied
#squid.conf
# Server IP 192.168.1.1
# Listen on port 80 of the server; transparent proxy; supports name-based and IP-based virtual hosts
http_port 192.168.1.1:80 transparent vhost vport
# Limit the maximum number of connections from a single client IP
acl OverConnLimit maxconn 16
http_access deny OverConnLimit
# Block hotlinking from tianya and pass it on to baidu
acl tianya referer_regex -i tianya
http_access deny tianya
deny_info http://www.baidu.com/logs.gif tianya
# Prevent the server from being used as an HTTP proxy: set the IP address that may be accessed
acl myip dst 192.168.1.1
http_access deny !myip
# Keep the Baidu spider from crawling the server to death
acl AntiBaidu req_header User-Agent Baiduspider
http_access deny AntiBaidu
# Allow local management
acl Manager proto cache_object
acl Localhost src 127.0.0.1 192.168.1.1
http_access allow Manager Localhost
http_access deny Manager
# Only allow proxying to port 80
acl Safe_ports port 80 # http
http_access deny !Safe_ports
http_access allow all
# Squid information settings
visible_hostname netkiller.8800.org
cache_mgr openunix@163.com
# Basic settings
cache_effective_user squid
cache_effective_group squid
tcp_recv_bufsize 65535 bytes
# Reverse-proxy acceleration configuration for 2.5
#httpd_accel_host 127.0.0.1
#httpd_accel_port 80
#httpd_accel_single_host on
#httpd_accel_uses_host_header on
#httpd_accel_with_proxy on
# Reverse-proxy acceleration configuration for 2.6
# Proxy to the service on port 80 of this host, which acts only as the origin content server
cache_peer 127.0.0.1 parent 80 0 no-query originserver
# Error documents
error_directory /usr/local/squid/share/errors/Simplify_Chinese
# Single server, so this feature is not used
icp_port 0
Proxy + reverse proxy
# ACCEL MODE
# -----------------------------------------------------------------------------
cache_peer 10.34.2.93 parent 80 0 no-query originserver
cache_peer_access 220.201.35.11 allow ACCEL_MODE
cache_peer_access 220.201.35.11 deny all
Squid administration
squidclient
squidclient usage
ASYNC IO Counters:
Operation # Requests
open 0
close 0
cancel 0
write 0
read 0
stat 0
unlink 0
check_callback 0
queue 0
debian:~#
squidclient -p 80 mgr:5min
reset cache
Rebuild the cache
mkdir /var/spool/squid
chown proxy.proxy -R /var/spool/squid
netkiller@Linux-server:~$ sudo squid -z
netkiller@Linux-server:~$ sudo squid -k reconfigure
Preventing pages from being cached
Add to the head
HTML
<META HTTP-EQUIV="pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache, must-revalidate">
<META HTTP-EQUIV="expires" CONTENT="Wed, 26 Feb 1978 08:21:57 GMT">
ASP
<%
Response.Expires = -1
Response.ExpiresAbsolute = Now() - 1
Response.cachecontrol = "no-cache"
%>
PHP
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
JSP
response.setHeader("Pragma","No-Cache");
response.setHeader("Cache-Control","No-Cache");
response.setDateHeader("Expires", 0);
Disabling caching in C#
Response.Buffer=true;
Response.ExpiresAbsolute=System.DateTime.Now.AddSeconds(-1);
Response.Expires=0;
Response.CacheControl="no-cache";
To make the browser send a no-cache header, just refresh with Ctrl+F5
Squid practical examples
Users reach the server through port 80. We do not want users to access port 8080.
1. web server
Listen 127.0.0.1:8080
lighttpd
vi /etc/lighttpd/lighttpd.conf
server.port = 8080
server.bind = "localhost"
/etc/init.d/lighttpd reload
Local test
curl http://127.0.0.1:8080/
2. Squid
Test
curl http://127.0.0.1/
From another computer, open http://your_ip/ in IE and you will see your home page
The nmap tool can still see that port 8080 exists.
# nmap localhost
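nmap run against localhost reports 8080 even when the backend is bound only to 127.0.0.1, so what needs checking is the address the listener is bound to. An added example (not from the original page) that reads `ss -ltn` output; the sample output is constructed and the function name is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page: from `ss -ltn` output on stdin,
# list the listeners on PORT that are bound to a non-loopback address, that is,
# the ones other hosts can connect to.

exposed_listeners() {              # usage: ss -ltn | exposed_listeners PORT
    awk -v want="$1" '
        $1 != "LISTEN" { next }                # also skips the header line
        {
            n = split($4, part, ":")           # the port follows the last colon
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (port != want) next
            # 127.0.0.0/8 and ::1 are reachable only from this host
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            print addr ":" port
        }'
}

# Constructed sample: the backend listening on every address (Listen 8080) ...
SS_BEFORE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:8080      0.0.0.0:*
LISTEN 0      128          0.0.0.0:80        0.0.0.0:*
LISTEN 0      128        127.0.0.1:3306      0.0.0.0:*'

# ... and after binding it to loopback (Listen 127.0.0.1:8080), squid on 80.
SS_AFTER='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:8080      0.0.0.0:*
LISTEN 0      128          0.0.0.0:80        0.0.0.0:*
LISTEN 0      128            [::1]:8080         [::]:*'

echo "before: $(printf '%s\n' "$SS_BEFORE" | exposed_listeners 8080)"
echo "after:  $(printf '%s\n' "$SS_AFTER" | exposed_listeners 8080)"
```

On a live host run `ss -ltn | exposed_listeners 8080`; empty output means the backend port is not reachable from other machines.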
squid.conf
Port redirection with iptables
Surrogafier
homepage: http://bcable.net/project.php?surrogafier
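Surrogafier is the easiest to install. Just download one PHP file, upload it to a directory on your web site, then open that PHP script in a browser and you have a proxy page.
Basic configuration
Advanced options
# Compress traffic from the proxy server to the user with gzip
define('GZIP_PROXY_USER',true);
# If possible, also use gzip compression for the content the proxy fetches
define('GZIP_PROXY_SERVER',true);
# Timeout for each request, raised from 10 seconds to 20 seconds
define('TIME_LIMIT',20);
# DNS resolution cache time, changed from the original 10 minutes to 90 minutes
define('DNS_CACHE_EXPIRE',90);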
CGIproxy
http://www.jmarshall.com/tools/cgiproxy/
PHPProxy
http://sourceforge.net/projects/poxy/
$ wget http://nchc.dl.sourceforge.net/sourceforge/poxy/poxy-0.5b2.zip
$ unzip poxy-0.5b2.zip
http://freshmeat.net/projects/phpproxy/
BBlocked
http://www.bblocked.org/
Glype
http://www.glype.com/
Zelune
SOCKS
Socks5
The main site for the socks5-v1.0r11 package is no longer reachable; you can search for it.
Installation
./configure --with-threads
make
make install
1. install.
2. configure.
SSL Tunnel
or
Chapter 10. Point to Point
download
MLDONKEY_DIR=/var/lib/mldonkey
MLDONKEY_USER=mldonkey
MLDONKEY_GROUP=mldonkey
MLDONKEY_UMASK=0022
LAUNCH_AT_STARTUP=false
MLDONKEY_NICENESS=0
Initial Setup
Once the daemon is running, connect to it as the admin user and change the password:
MLdonkey command-line:
> auth admin ""
Full access enabled
MLdonkey command-line:
> passwd newpasswd
Password of user admin changed
MLdonkey command-line:
>
amule - client for the eD2k and Kad networks, like eMule
Chapter 11. News Group (innd)
homepage: http://www.isc.org/inn.html
Procedure 11.1. innd
1. debian installation
2. Configuration
a. inn.conf
cd /etc/news/
chown news.news inn.conf
domain: example.org
server: localhost
fromhost: news.example.org
moderatormailer: openunix@163.com
b. storage.conf
vi storage.conf
method tradspool {
newsgroups: *
class: 0
}
c. readers.conf
vi readers.conf
auth "local" {
hosts: "*"
default: "*"
}
access "local" {
users: "*"
newsgroups: "*"
}
3. start
/etc/init.d/innd start
news://news.example.org
User Authentication
Procedure 11.2. Authinfo
1. ckpasswd
2. shadow auth
auth local {
auth: "ckpasswd -s"
}
access local {
users: "neo"
newsgroups: "*,!junk,!control,!control.*"
}
3. passwd file
auth local {
auth: "ckpasswd -f /etc/news/newsusers"
}
access local {
users: "neo"
newsgroups: "*,!junk,!control,!control.*"
}
4. dbm,ndbm
usenet administration
Usenet newsgroups fall into the following main categories:
●comp computer science and related topics
●news general news topics
●rec hobbies, recreational activities and the arts
●sci scientific research and engineering
●soc social topics
●biz business topics
●talk controversial topics
●misc topics that do not fit the categories above or that overlap them
Later an "alt" category was added. This is a newsgroup with a narrower scope and fewer users; "alt" is short for "alternative", meaning "substitute", and all kinds of topics can be discussed in this group.
Creating groups
ctlinnd manual
Most functions of the ctlinnd command can only be used after INND has been started, for example adding a Newsgroup. You can refer to the ctlinnd manual page. Below are explanations and examples of some commonly used functions.
This adds a Newsgroup named "group.readers.discuss"
Suspend all connections and refuse new articles; this suits a temporary pause in service. The [reason] part is the key; you can enter any [reason], as discussed below.
Suspend all connections and refuse new articles, and also close INND's "history" file. This suits a long-term pause in service. The [reason] part is the key; you can enter any [reason], as discussed below.
Connecting over SSL
$ cat /etc/news/sasl.conf
Create the certificate
Set permissions
src.rpm installation
Download the file
wget ftp://rpmfind.net/linux/redhat/enterprise/4/en/os/i386/SRPMS/inn-2.3.5-12.src.rpm
cd /usr/src/redhat/SPECS
rpmbuild -ba inn.spec
cd /usr/src/redhat/RPMS/i386/
rpm -ivh *
makedbz
cd /var/lib/news
chmod 664 active
sudo -u news /usr/lib/news/bin/makedbz -i
mv history.n.dir history.dir
mv history.n.hash history.hash
mv history.n.index history.index
inncheck
Chapter 12. IRC - Internet Relay Chat
IRC Protocol
irc://chat.freenode.net/wikipedia-zh
irc://host/channel
irc://chat.freenode.net/wikipedia-zh
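IRC Commands
Common IRC commands
/charset utf-8
/serv irc.freenode.net
/nick change nickname
/join join/create a chat room
/knock ask to enter a private chat room
/invite invite a user into a private chat room
/privmsg private message (whisper)
/ignore ignore
/away temporarily away
/whois look up user information
/names list all online users
/topic change the chat room topic
/kick kick a user out of the chat room
/quit leave the chat room
Two points about IRC commands are worth noting:
All IRC commands are introduced by "/".
Where no ambiguity arises, IRC commands may be abbreviated. For example, the /join command can be shortened to /j, /jo or /joi.
/nick
The basic way to change your nickname is: /n(ick) new-nickname
Your nickname may contain English letters, digits, Chinese characters, underscores and so on. However, a nickname may not exceed 50 characters (each character, including each Chinese character, counts as one), and may not contain $, +, ! or spaces.
The /nick command is equivalent to "Change alias" in the tool buttons.
/join
The format of the /join command is: /j(oin) room-name
If the chat room already exists, you enter it. In that case the /join command is equivalent to "Enter" in the chat room list tool buttons.
If the chat room does not exist, you create a new chat room and enter it. In that case the /join command is equivalent to "Create chat room" in the tool buttons.
A chat room name may contain English letters, digits, Chinese characters, underscores and so on. However, it may not exceed 50 characters (each character, including each Chinese character, counts as one), and may not contain $, +, ! or spaces.
/mode +(-)i
+i or /m(ode) -i
Only chat rooms created by users can be locked.
Without an invitation from the administrator, other users cannot enter a private chat room.
/mode +(-)o
+o nickname or /m(ode) -o nickname. Only the chat room administrator can use this command.
/knock
The /knock command lets you ask the administrator of a private chat room whether you may enter it. Its format is: /k(nock) room-name [message]
/invite
Only the administrator of a private chat room can use this command.
/privmsg
The /privmsg command is used to send a private message (whisper) to a user in the same chat room. That is, your message is delivered only to the specified person and is not shown to other users.
The user receiving your private message must be in the same chat room as you.
The "nickname" and "message" parameters cannot be omitted.
If a user's nickname is too long, you may type only its first few letters where that causes no ambiguity, and the system will match it automatically.
For example: besides you there are two other users in the chat room, with the nicknames xiaobao and softman. To send softman a whisper, type the following command in the input box:
/ignore
The /ignore command adds a user to your "blacklist". Once a user is on your blacklist, nothing they say is shown on your terminal.
The user named by the nickname must be in the same chat room as you.
The /ignore command is equivalent to "Ignore" in the user list tool buttons.
If a user's nickname is too long, you may type only its first few letters where that causes no ambiguity, and the system will match it automatically.
In your user list, a # in front of a user's nickname means that user is on your blacklist.
/away
The /away command sets your status to "temporarily away" and lets you leave a message for other users. When another user whispers to you, the message you set in advance is automatically sent back to them.
The "message" parameter is optional. If it is given, your status is set to "temporarily away". Otherwise your status is set to "I'm back".
While you are temporarily away from the chat room, a ? appears before your nickname in the user list, indicating that you are "away". The "Temporarily away" tool button also changes to "I'm back".
The /away command is equivalent to "Temporarily away" in the tool buttons
/whois
The /whois command looks up information about a user, including the user's Etang (亿唐) ID, IP address, current chat room and idle time.
The /whois command is equivalent to "Query" in the user list tool buttons.
/names
/topic
The /topic command sets the topic of the current chat room.
Only the administrator (op) of the current chat room has the right to set the chat room topic.
The creator of a chat room is its administrator.
/kick
The /kick command kicks a user out of the current chat room.
Only the administrator (op) of the current chat room has the right to kick other users out of it.
The creator of a chat room is its administrator.
Administrator rights can be handed over with the /mode +o command.
Please use this command with care. "A gentleman uses words, not fists"!
/quit
The /quit command is used to leave the chat room.
The "message" parameter is optional. If you specify a message when quitting, it is sent to the other users in the current chat room. You can use this message to say goodbye to other users.
The /quit command is equivalent to "End chat" in the tool buttons.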
Configuration
ircd-hybrid
install
script file
netkiller@shenzhen:~$ /etc/init.d/ircd-hybrid
Usage: /etc/init.d/ircd-hybrid {start|stop|restart|reload|force-reload}
config file
IRC Client
Client
TUI client
/etc/irc/servers
172.16.0.1
freenode.net
Chapter 13. jabber
Table of Contents
jabber homepage
1. install
2. configure.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Options which are set by Debconf and managed by ucf
%% Admin user
{acl, admin, {user, "neo", "netkiller.8800.org"}}.
%% Hostname
{hosts, ["netkiller.8800.org"]}.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
3. create an admin
5. test
$ vim ~/.sendxmpprc
#account@host:port password
neo@netkiller.8800.org chen
send messages
ejabberdctl
set-password
DJabberd
http://www.danga.com/djabberd/
freetalk - A console based Jabber client
$ freetalk
Developer
python-xmpp
$ cat jabber.py
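import xmpp

# Account used throughout this chapter (see ~/.sendxmpprc above)
jid = xmpp.protocol.JID('neo@netkiller.8800.org')
cl = xmpp.Client(jid.getDomain(), debug=[])
# connect() returns an empty value when the server cannot be reached
if not cl.connect():
    raise SystemExit('connect failed')
# auth() returns None when the credentials are rejected
if not cl.auth(jid.getNode(), 'chen'):
    raise SystemExit('auth failed')
cl.send(xmpp.protocol.Message('neo@netkiller.8800.org', 'hi there'))
cl.disconnect()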
Chapter 14. NET SNMP (Simple Network Management Protocol)
Installing SNMP
List the MIB
SNMP v3
Cacti
Installing SNMP
search package
Install
Configure /etc/snmp/snmpd.conf
Reference: http://www.mkssoftware.com/docs/man1/snmptranslate.1.asp
List the MIB
$ snmpwalk -c public -v 1 127.0.0.1 1.3.6.1.2.1.1
SNMP v3
test
defAuthPassphrase <netadminpassword>
defVersion 3
test
Cacti
Chapter 15. Network Authentication
Table of Contents
Installing the NIS server
Procedure 15.1. Installing the NIS server
1. ypserv
2. /etc/hosts
3. Set the NIS domain name
# nisdomainname example.com
# nisdomainname
example.com
Add it to the /etc/rc.local boot script
4. Edit the main configuration file /etc/ypserv.conf
# vim /etc/ypserv.conf
127.0.0.0/255.255.255.0 : * : * : none
192.168.3.0/255.255.255.0 : * : * : none
* : * : * : deny
5. Create the /var/yp/securenets file
securenets is the security configuration file
# vim /var/yp/securenets
host 127.0.0.1
255.255.255.0 192.168.3.0
6. Start the NIS server
The NIS server depends on the portmap service, and the two services ypserv and yppasswdd must be started
7. Build the NIS database
32bit: /usr/lib/yp/ypinit -m
64bit: /usr/lib64/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers. nis.example.com is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: nis.example.com
next host to add:
next host to add:
The current list of NIS servers looks like this:
nis.example.com
Check
# ls /var/yp/
binding example.com Makefile nicknames
securenets ypservers
8. Service
# ypinit -s nis.example.com
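The securenets rules from step 5 put the netmask first and the network second, which is easy to get backwards. The following added example (not part of the original handbook) evaluates a client address against such a file; the function names are hypothetical and the sample file is constructed from the two rules shown in step 5.

```shell
#!/bin/sh
# Added example: decide whether a client address passes /var/yp/securenets.
# Rule syntax as used in step 5: "host <ip>" or "<netmask> <network>".

# Print a dotted-quad address as a 32-bit integer; fail on malformed input.
# The body runs in a subshell so the IFS and globbing changes stay local.
ip_to_int() (
    case $1 in ''|*.) exit 1 ;; esac
    set -f
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*|0[0-9]*) exit 1 ;; esac   # digits, no leading zero
        [ "$octet" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# securenets_allows RULES_FILE CLIENT_IP
# Exit status: 0 = a rule admits the client, 1 = no rule matches, 2 = bad input.
securenets_allows() {
    [ -r "$1" ] || return 2
    client=$(ip_to_int "$2") || return 2
    while read -r first second rest || [ -n "$first" ]; do
        case $first in ''|'#'*) continue ;; esac
        if [ "$first" = host ]; then
            mask=4294967295                 # "host a.b.c.d" is an exact match
        else
            mask=$(ip_to_int "$first") || continue
        fi
        network=$(ip_to_int "$second") || continue
        if [ $(( client & mask )) -eq "$network" ]; then
            return 0
        fi
    done < "$1"
    return 1
}

# Constructed sample: the two rules from step 5 of the procedure above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
host 127.0.0.1
255.255.255.0 192.168.3.0
EOF
for ip in 127.0.0.1 127.0.0.2 192.168.3.5 192.168.1.10; do
    if securenets_allows "$sample" "$ip"; then
        echo "$ip allowed"
    else
        echo "$ip refused"
    fi
done
rm -f "$sample"
```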
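Installing the client software
Procedure 15.2. Installing the NIS client software
1. The NIS client needs the two packages ypbind and yp-tools
2. NIS domain name
# nisdomainname example.com
3. /etc/hosts
192.168.3.5 nis.example.com
4. /etc/yp.conf
# vim /etc/yp.conf
domain example.com server nis.example.com
5. /etc/nsswitch.conf
# vim /etc/nsswitch.conf
passwd: files nis
shadow: files nis
group: files nis
hosts: files nis dns
6. Start the ypbind service
7. yp-tools test utilities
The yptest command runs an automatic test against the NIS server
# yptest
The ypwhich command shows the hostname of the NIS server the client is using and the list of database files
# ypwhich
# ypwhich -x
The ypcat command shows the list of database files and the contents of a given database
# ypcat -x
# ypcat passwd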
# chkconfig ypbind on
Authentication Configuration
# authconfig-tui
Use NIS
NIS Settings
application example
nis server:
Create a test user on the NIS server
# adduser test
# passwd test
# /usr/lib64/yp/ypinit -m
nis client
Log in to the client as the test user
ssh test@client.example.com
Test
Test 2: ypbind
Used NIS server:
nis.example.com
Test 3: yp_match
WARNING: No such key in map (Map
passwd.byname, key nobody)
Test 4: yp_first
neo
neo:$1$e1nd3pts$s7NikMnKwpL4vUp2LM/N9.:500:500::/home/neo:/bin/bash
Test 5: yp_next
test
test:$1$g4.VCB7i$I/N5W/imakprFdtP02i8/.:502:502::/home/test:/bin/bash
svnroot svnroot:!!:501:501::/home/svnroot:/bin/bash
Test 6: yp_master
nis.example.com
Test 7: yp_order
1271936660
Test 8: yp_maplist
rpc.byname
protocols.bynumber
ypservers
passwd.byname
hosts.byname
rpc.bynumber
group.bygid
services.byservicename
mail.aliases
passwd.byuid
services.byname
netid.byname
protocols.byname
group.byname
hosts.byaddr
Test 9: yp_all
neo
neo:$1$e1nd3pts$s7NikMnKwpL4vUp2LM/N9.:500:500::/home/neo:/bin/bash
test
test:$1$g4.VCB7i$I/N5W/imakprFdtP02i8/.:502:502::/home/test:/bin/bash
svnroot svnroot:!!:501:501::/home/svnroot:/bin/bash
1 tests failed
Change the password
$ yppasswd
Changing NIS account information for test on nis.example.com.
Please enter old password:
Changing NIS password for test on
nis.example.com.
Please enter new password:
Please retype new password:
-bash-3.2$
ypwhich
nis.example.com
ypwhich -x
Use "ethers" for map "ethers.byname"
Use "aliases" for map "mail.aliases"
Use "services" for map "services.byname"
Use "protocols" for map "protocols.bynumber"
Use "hosts" for map "hosts.byname"
Use "networks" for map "networks.byaddr"
Use "group" for map "group.byname"
Use "passwd" for map "passwd.byname"
Export "/home" from the NIS server as an NFS share
# vi /etc/exports
/home 192.168.3.0/24(sync,rw,no_root_squash)
Restart the NFS service
Mount the "/home" directory on the NIS client
# vi /etc/fstab
192.168.1.10:/home/ /home nfs defaults 0 0
# mount /home
OpenLDAP
Server
1. First, install the OpenLDAP server daemon slapd and ldap-utils, a package containing LDAP
management utilities:
By default the directory suffix will match the domain name of the server. For example, if the
machine's Fully Qualified Domain Name (FQDN) is ldap.example.com, the default suffix will
be dc=example,dc=com. If you require a different suffix, the directory can be reconfigured
using dpkg-reconfigure. Enter the following in a terminal prompt:
2. example.com.ldif
dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people
dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups
dn: uid=john,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
sn: Doe
givenName: John
cn: John Doe
dn: cn=example,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: example
gidNumber: 10000
3. To add the entries to the LDAP directory use the ldapadd utility:
We can check that the content has been correctly added with the tools from the ldap-utils
package. In order to execute a search of the LDAP directory:
dn: uid=john,ou=people,dc=example,dc=com
cn: John Doe
sn: Doe
givenName: John
-x: will not use SASL authentication method, which is the default.
Client
1. libnss-ldap
2. reconfigure ldap-auth-config
3. auth-client-config
4. pam-auth-update.
sudo pam-auth-update
/etc/ldapscripts/ldapscripts.conf
SERVER=localhost
BINDDN='cn=admin,dc=example,dc=com'
BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
SUFFIX='dc=example,dc=com'
GSUFFIX='ou=Groups'
USUFFIX='ou=People'
MSUFFIX='ou=Computers'
GIDSTART=10000
UIDSTART=10000
MIDSTART=10000
Now, create the ldapscripts.passwd file to allow authenticated access to the directory:
Kerberos
http://web.mit.edu/Kerberos/
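Kerberos is a system developed by MIT that provides network authentication services. I had heard of it long ago but had never used it. It can provide authentication for the various servers on a network, so that passwords are no longer sent over the network in clear text and the communication between the endpoints is encrypted. It works on a different principle from PKI authentication: PKI uses public-key (asymmetric) cryptography, while Kerberos is based on secret-key (symmetric) cryptography.
Installing Kerberos
Installing on CentOS
Get the krb5 packages
Install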
[root@datacenter ~]#Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package krb5-server.x86_64 0:1.6.1-36.el5_4.1 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================
Package Arch
Version Repository Size
====================================================================================================
Installing:
krb5-server x86_64 1.6.1-36.
el5_4.1 updates 914 k
Transaction Summary
====================================================================================================
Install 1 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Installed:
krb5-server.x86_64 0:1.6.1-36.el5_4.1
Complete!
Install by apt-get
Procedure 15.3. installation
2. Configuring
OK
Yes
Kerberos Server
Create the local Kerberos database
2. /etc/krb5.conf
# cp /etc/krb5.conf /etc/krb5.conf.old
# vim /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
EXAMPLE.COM = {
kdc = kerberos.example.com:88
admin_server = kerberos.example.com:749
default_domain = example.com
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
Check the following configuration file: /var/kerberos/krb5kdc/kadm5.acl
Format
Create an account
The following command can be used as well
Start the Kerberos daemons
6. Log files
Kerberos Client
1. Ticket Management
2. Password Management
Kerberos Management
OpenSSH Authentications
/etc/ssh/sshd_config
KerberosAuthentication yes
FreeRADIUS
I want to authorize Wi-Fi Protected Access with FreeRADIUS for a Wi-Fi router.
● debian/ubuntu
● FreeRADIUS
● D-Link DI-624+A
install
OK, now that it is installed, let's quickly test it. The '******' is your password.
User-Name = "netkiller"
User-Password = "******"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Re-sending Access-Request of id 241 to 127.0.0.1 port 1812
User-Name = "netkiller"
User-Password = "******"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=241, length=20
ldap
mysql
WPA2 Enterprise
WRT54G
Chapter 16. Sniffer
Table of Contents
$ nmap localhost
tcpdump
Monitor the network but exclude SSH port 22
#!/bin/bash
nc - TCP/IP swiss army knife
Nessus
http://www.nessus.org/
Chapter 17. OpenSSH
Table of Contents
Installation
# vi /etc/ssh/sshd_config
MaxAuthTries 6
disable root SSH login
PermitRootLogin no
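Appending a hardening line to /etc/ssh/sshd_config has no effect if the same keyword already appears earlier in the file, because sshd applies the first value it reads for each keyword. The following added example (not part of the original handbook) reports the effective global value and audits the three settings this chapter uses (MaxAuthTries, PermitRootLogin, PasswordAuthentication); the function names are hypothetical, the sample file is constructed, and Include files and Match blocks are assumed out of scope.

```shell
#!/bin/sh
# Added example: report the value sshd takes for a keyword from the global
# part of an sshd_config file. sshd uses the FIRST occurrence of a keyword,
# keywords are case-insensitive, and "Keyword=value" is accepted as well.
# Assumption: Include files and Match blocks are not evaluated here.

# effective_sshd_value FILE KEYWORD: print the effective global value, if any.
effective_sshd_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }
        {
            if (!match(line, /[ \t=]/)) next         # keyword without a value
            key = tolower(substr(line, 1, RSTART - 1))
            val = substr(line, RSTART)
            sub(/^[ \t=]+/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "match") exit                  # conditional section starts
            if (key == want) { print val; exit }      # first occurrence wins
        }
    ' "$1"
}

# audit_sshd_config FILE: check the settings used in this chapter.
# The exit status is the number of findings (0 = all as expected).
audit_sshd_config() {
    findings=0
    for want in PermitRootLogin=no PasswordAuthentication=no; do
        actual=$(effective_sshd_value "$1" "${want%%=*}")
        if [ "$actual" != "${want#*=}" ]; then
            echo "FINDING ${want%%=*}: effective '${actual:-<unset>}', expected '${want#*=}'"
            findings=$((findings + 1))
        fi
    done
    tries=$(effective_sshd_value "$1" MaxAuthTries)
    tries=${tries:-6}                      # unset means the built-in default of 6
    if ! [ "$tries" -le 6 ] 2>/dev/null; then
        echo "FINDING MaxAuthTries: effective '$tries', expected 6 or lower"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: the hardening lines were appended below older settings,
# so the earlier "permitrootlogin yes" is the value sshd applies.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server file
Port 22
permitrootlogin yes
MaxAuthTries 6
PasswordAuthentication=no
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
EOF
audit_sshd_config "$sample" || echo "findings: $?"
rm -f "$sample"
```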
Automatic SSH / SSH without password
AuthorizedKeysFile %h/.ssh/authorized_keys
ssh-keygen
ssh-keygen -d
master server
backup server
Exchange public keys
test
test
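Note: the permissions on authorized_keys must be 600; otherwise you may still be asked for a password when logging in. Once they have been changed to 600 and a login succeeds, the problem no longer occurs.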
script
ssh-keygen -d
cp .ssh/id_dsa.pub .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
ls -l .ssh/
PasswordAuthentication no
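The permission note above can be checked before a key login silently falls back to a password prompt. The following added example (not part of the original handbook) inspects the home directory, .ssh and authorized_keys for the group/other write bits that sshd rejects when StrictModes is enabled, and flags an authorized_keys mode other than the 600 the note asks for; the function name is hypothetical, the test directory is constructed, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: check the permission rules that matter for key logins.
# Uses GNU stat (-c %a), as found on the Linux systems this handbook covers.

# check_ssh_key_perms HOME_DIR
# Prints one line per problem; the exit status is the number of problems.
check_ssh_key_perms() {
    home=$1
    problems=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            problems=$((problems + 1))
            continue
        fi
        mode=$(stat -c %a "$path")
        # Group or other write bit set: sshd (StrictModes yes) refuses the key file.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $path (mode $mode) by group or others"
            problems=$((problems + 1))
        elif [ "$path" = "$home/.ssh/authorized_keys" ] && [ "$mode" != 600 ]; then
            echo "LOOSE    $path (mode $mode), the note above asks for 600"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed test directory standing in for a user's home.
demo_home=$(mktemp -d)
mkdir "$demo_home/.ssh"
: > "$demo_home/.ssh/authorized_keys"
chmod 700 "$demo_home" "$demo_home/.ssh"
chmod 664 "$demo_home/.ssh/authorized_keys"
check_ssh_key_perms "$demo_home" || echo "problems: $?"
chmod 600 "$demo_home/.ssh/authorized_keys"
check_ssh_key_perms "$demo_home" && echo "permissions ok"
rm -rf "$demo_home"
```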
Putty
1. config /etc/ssh/sshd_config
AuthorizedKeysFile %h/.ssh/authorized_keys
2. ssh-keygen
neo@master:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/neo/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/neo/.ssh/id_rsa.
Your public key has been saved in /home/neo/.ssh/id_rsa.pub.
The key fingerprint is:
98:35:81:56:fd:b5:87:e4:94:e4:54:b8:b9:0a:4e:80 neo@master
3. authorized_keys
$ mv .ssh/id_rsa.pub .ssh/authorized_keys
or
4. PuTTYgen
closing PuTTYgen
5. Pageant
opening Pageant
Right-click, select 'Add Key', and open the private key above.
6. Putty
Connection -> SSH -> Auth -> Allow agent forwarding; this must be checked
OpenSSH Tunnel
mysql tunnel
testing
SOCKS v5 Tunnel
I prefer 1080 to 7070. The reason is that 1080 is the default SOCKS port.
OpenSSH for Windows
Chapter 18. Firewall
Table of Contents
$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
$ cat /proc/sys/net/ipv4/ip_forward
0
enable
sysctl -w net.ipv4.ip_forward=1
or
#redhat
echo 1 > /proc/sys/net/ipv4/ip_forward
#debian/ubuntu
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward;
disable
sysctl -w net.ipv4.ip_forward=0
or
net.ipv4.ip_forward
Table 18.1. net.ipv4.ip_forward
$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
Try pinging 192.168.0.1, 172.16.0.1 and 172.16.0.254 from host 192.168.0.2
sysctl -w net.ipv4.ip_forward=1
Incoming
Traffic
|
|
V
+----------+
|PREROUTING|
+----------+
| raw | <--------------+
| mangle | |
| nat | |
+----------+ |
| |
| |
Routing |
+- Decision -+ |
| | |
| | |
V V |
Local Remote |
Destination Destination |
| | |
| | |
V V |
+--------+ +---------+ |
| INPUT | | FORWARD | |
+--------+ +---------+ |
| mangle | | mangle | |
| filter | | filter | |
+--------+ +---------+ |
| | |
| | |
V | |
Local | |
Machine | |
| | |
| | |
V | |
Routing | |
Decision | |
| | |
| | |
V | |
+--------+ | |
| OUTPUT | | |
+--------+ | |
| raw | | |
| mangle | | |
| nat | | |
| filter | | |
+--------+ | |
| | |
| +-------------+ |
| | POSTROUTING | Local
+----> +-------------+ --> Traffic
| mangle |
| nat |
+-------------+
|
|
V
Outgoing
Traffic
Getting Started
Redhat / CentOS
And to see if iptables is actually running, we can check that the iptables modules are loaded and use the -L
switch to inspect the currently loaded rules:
port-unreachable
# system-config-securitylevel
User-defined Chain
Chains List
List the rule chains
List the INPUT, OUTPUT and FORWARD rules
iptables -L
List the NAT rules
iptables -t nat -L
List the filter rules
iptables -t filter -L
Chains Refresh
Flush the rules
/sbin/iptables -F
/sbin/iptables -F -t filter
/sbin/iptables -F -t nat
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT
Chains Admin
Create a new chain
iptables -N netkiller
Delete the new chain
# iptables -X netkiller
OpenSSH
FTP
DNS
WWW
# WWW
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# HTTPS
/sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Tomcat
/sbin/iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
SOCKS5
Mail Server
# SMTP
/sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT
# SMTPS
/sbin/iptables -A INPUT -p tcp --dport 465 -j ACCEPT
# POP3
MySQL
PostgreSQL
DHCP
Samba
ICMP
accept_redirects
# echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
or
# sysctl net.ipv4.conf.all.accept_redirects="0"
Stop this host from pinging 127.0.0.1
iptables -A INPUT -s 127.0.0.1 -p icmp -j DROP
Hosts on 192.168.0.0/24 cannot ping this machine
iptables -A INPUT -s 192.168.0.0/24 -p icmp -j DROP
Block all machines
# iptables -A INPUT -s 0/0 -p icmp -j DROP
# ICMP (PING): accept everything except echo-request
iptables -A INPUT -p icmp --icmp-type ! echo-request -j ACCEPT
Block an IP from accessing this host
DENY
outbound
ICMP
The local host may not ping 192.168.0.0/24
iptables -A OUTPUT -d 192.168.0.0/24 -p icmp -j DROP
Stop the local host from pinging any machine
# iptables -A OUTPUT -s 0/0 -p icmp -j DROP
# ICMP (PING): accept everything except echo-request
iptables -A OUTPUT -p icmp --icmp-type ! echo-request -j ACCEPT
Block this host from accessing a given IP
Forward
TCPMSS
# The following rules drop all TCP traffic that attempts to use port 31337:
iptables -A OUTPUT -o eth0 -p tcp --dport 31337 --sport 31337 -j DROP
iptables -A FORWARD -o eth0 -p tcp --dport 31337 --sport 31337 -j DROP
Interfaces
IP Addresses
RELATED — A packet that is requesting a new connection but is part of an existing connection. For example, FTP uses port 21 to establish a connection, but data is transferred on a different port (typically port 20).
INVALID — A packet that is not part of any connections in the connection tracking table.
NAT
Redirect
Redirect rules
Port redirection
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 21 -j REDIRECT --to-port 2401
Redirect port 80 to 8080
# iptables -t nat -A PREROUTING -j REDIRECT -p tcp --destination-port 80 --to-ports 8080
Port forwarding
Prerouting
If you have a default policy of DROP in your FORWARD chain, you must append a rule to forward all
incoming HTTP requests so that destination NAT routing is possible. To do this, use the following command:
This rule forwards all incoming HTTP requests from the firewall to the intended destination; the Apache
HTTP Server behind the firewall.
DMZ zone
#
# DMZ zone
#
$iptables -t nat -A PREROUTING -p TCP -m multiport -i eth0 --dport 22,25,113,80,8080 -j DNAT --to 10.0.0.10
$iptables -t nat -A PREROUTING -p UDP -i eth0 --dport 25 -j DNAT --to-destination 10.0.0.10
DNAT ppp0/eth0
IPV6
1. Installation
plugin="/usr/lib/ulogd/ulogd_LOGEMU.so"
3. Configure MYSQL
plugin="/usr/lib/ulogd/ulogd_MYSQL.so"
[MYSQL]
table="ulog"
pass="ulog"
user="ulog"
db="ulogd"
host="localhost"
create database
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> exit;
Bye
neo@master:~$
4. Iptables
5. Starting
logemu
mysql
| 1 | 00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00 |
| 2 | 00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00 |
| 3 | 00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00 |
| 4 | 00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00 |
| 5 | 00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00 |
| 6 | 00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00 |
| 7 | 00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00 |
| 8 | 00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00 |
| 9 | 00:0c:29:b0:6b:d0:00:50:56:c0:00:08:08:00 |
+----+--------------------------------------------+
9 rows in set (0.00 sec)
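Four options are available:
1.--ulog-nlgroup
iptables -A INPUT -p TCP --dport 22 -j ULOG --ulog-nlgroup 2
Specifies which netlink group the packet is sent to, for example --ulog-nlgroup 2. There are 32 netlink groups, simply numbered 1-32. The default is 1.
2.--ulog-prefix
iptables -A INPUT -p TCP --dport 22 -j ULOG --ulog-prefix "SSH connection attempt: "
Specifies a prefix for the logged messages so that different messages can be told apart. It is used the same way as the prefix of LOG, except that it can be up to 32 characters long.
3.--ulog-cprange
iptables -A INPUT -p TCP --dport 22 -j ULOG --ulog-cprange 100
Specifies how many bytes of each packet are sent to the ULOG userspace daemon. For example, --ulog-cprange 100 copies the first 100 bytes of the packet to userspace for logging, which includes the packet header and some of the leading data of the packet. The default is 0, which copies the whole packet regardless of its size.
4.--ulog-qthreshold
iptables -A INPUT -p TCP --dport 22 -j ULOG --ulog-qthreshold 10
Tells ULOG how many packets to collect in the kernel before sending the data to userspace for logging, for example --ulog-qthreshold 10. This accumulates 10 packets in the kernel and then sends them to userspace; they are treated as a single netlink message that simply consists of several parts.
The default is 1, for backward compatibility, because earlier versions could not handle multipart messages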
3. Default Rule
4. Rule Allow|Deny
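Open or close a port, for example:
UFW usage examples:
Allow port 53
Deny port 53
Allow port 80
Deny port 80
Allow the smtp port
Delete the allow rule for the smtp port
Allow a specific IP
Delete the rule above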
5. Status
To Action From
-- ------ ----
25:tcp ALLOW Anywhere
22:tcp ALLOW Anywhere
22:udp ALLOW Anywhere
80:tcp ALLOW Anywhere
80:udp ALLOW Anywhere
6. Rule Delete
To Action From
-- ------ ----
25:tcp ALLOW Anywhere
22:tcp ALLOW Anywhere
22:udp ALLOW Anywhere
80:tcp ALLOW Anywhere
80:udp ALLOW Anywhere
To Action From
-- ------ ----
22:tcp ALLOW Anywhere
22:udp ALLOW Anywhere
80:tcp ALLOW Anywhere
80:udp ALLOW Anywhere
7. logging
8. iptables
type MULTICAST
RETURN all -- anywhere anywhere ADDRTYPE match dst-
type BROADCAST
LOG all -- anywhere anywhere limit: avg 3/min
burst 10 LOG level warning prefix `[UFW BLOCK NOT-TO-ME]: '
DROP all -- anywhere anywhere
/etc/default/ufw
# set to yes to apply rules to support IPv6 (no means only IPv6 on loopback
# accepted). You will need to 'disable' and then 'enable' the firewall for
# the changes to take affect.
IPV6=no
# set the default input policy to ACCEPT, DROP or REJECT. Please note that if
# you change this you will most likely want to adjust your rules
DEFAULT_INPUT_POLICY="DROP"
# set the default output policy to ACCEPT, DROP, or REJECT. Please note that
# if you change this you will most likely want to adjust your rules
DEFAULT_OUTPUT_POLICY="ACCEPT"
# set the default forward policy to ACCEPT, DROP or REJECT. Please note that
# if you change this you will most likely want to adjust your rules
#DEFAULT_FORWARD_POLICY="DROP"
DEFAULT_FORWARD_POLICY="ACCEPT"
# set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please
# note that setting this to ACCEPT may be a security risk. See 'man ufw' for
# details
DEFAULT_APPLICATION_POLICY="SKIP"
# By default, ufw only touches its own chains. Set this to 'yes' to have ufw
# manage the built-in chains too. Warning: setting this to 'yes' will break
#
# IPT backend
#
# only enable if using iptables backend
IPT_SYSCTL=/etc/ufw/sysctl.conf
ip_forward
DHCP
Samba
Firestarter
Firewall Builder
Shorewall Tools
install
Procedure 18.1. configure
1. interfaces
your net cards: eth0 and eth1, ppp0 is pppoe virtual net adapter
2. zones
network alias
3. masq
Configure IP masquerading
ppp0 eth0
4. rules
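#
# Allow DNS connections from the firewall to the Internet
#
AllowDNS fw net
#
# Allow the local network to manage the server over SSH
#
AllowSSH loc fw
#
# Allow pinging the firewall and allow the firewall to ping other networks
#
AllowPing loc fw
AllowPing net fw
AllowPing fw loc
AllowPing fw net
#
# Allow the Internet to reach the web service on the firewall
#
AllowWeb net fw
#
# Allow the Internet to reach the FTP service on the firewall
#
AllowFTP net fw
#
# Allow the Internet to reach the mail service on the firewall
#
AllowSMTP net fw
AllowIMAP net fw
#
# Allow the local network to access the Internet
#
AllowWeb loc net
#
# Allow the local network to send and receive mail
#
AllowSMTP loc net
AllowIMAP loc net
AllowPOP3 loc net
#
# Allow the local network to use FTP to the Internet
#
AllowFTP loc net
#
# Allow the local network to query DNS on the Internet
#
AllowDNS loc net
#
# Allow the local network to use MSN
#
ACCEPT loc net tcp 1863
ACCEPT loc net tcp 443
ACCEPT loc net:gateway.messenger.hotmail.com all
#
# Redirect web traffic to port 3128 so that it goes through squid, except for the server address 192.168.0.1.
#
#REDIRECT loc 3128 tcp www - !192.168.0.1
5. Edit shorewall.conf
Enable IP forwarding automatically
Find IP_FORWARDING=Keep and change it to On
IP_FORWARDING=On
6. Edit /etc/default/shorewall to start the firewall automatically
startup=0
change to
startup=1
7. Start the firewall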
Endian Firewall
http://www.endian.com/
Smooth Firewall
Chapter 19. OpenVPN (openvpn - Virtual Private Network daemon)
Openvpn Server
Openvpn Client
OpenVPN GUI for Windows
Windows Server
Windows Client
point-to-point VPNs
Installing from source
VPN examples
http://openvpn.net/
Openvpn Server
Installing on Ubuntu/Debian
1. Related packages
● config file
/etc/openvpn/
● share
/usr/share/openvpn/
● doc
/usr/share/doc/openvpn/
● example
/usr/share/doc/openvpn/examples/
2. CREATE KEYS FOR THE SERVER AND THE CLIENTS
netkiller@shenzhen:~$ cd /usr/share/doc/openvpn/examples/easy-rsa/2.0
netkiller@shenzhen:/usr/share/doc/openvpn/examples/easy-rsa/2.0$ ls
build-ca build-dh build-inter build-key build-key-pass build-key-pkcs12
build-key-server build-req build-req-pass clean-all inherit-inter list-
crl Makefile openssl-0.9.6.cnf.gz openssl.cnf pkitool README.gz revoke-
full sign-req vars whichopensslcnf
export KEY_COUNTRY="CN"
export KEY_PROVINCE="GD"
export KEY_CITY="Shenzhen"
export KEY_ORG="http://netkiller.8800.org"
export KEY_EMAIL="openunix@163.com"
● build-ca
● build-key-server server
● build-key client1
● build-dh
a. vars and clean-all
b. build-ca
netkiller@shenzhen:/usr/share/doc/openvpn/examples/easy-rsa/2.0$ ./build-ca
Generating a 1024 bit RSA private key
..........................++++++
.............++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [GD]:
Locality Name (eg, city) [Shenzhen]:
Organization Name (eg, company) [http://netkiller.8800.org]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [http://netkiller.8800.org CA]:
Email Address [openunix@163.com]:
c. build-key-server server
You will have to answer the same questions as above. It will ask you for a password; I suggest you don't set a password when it asks.
netkiller@shenzhen:/usr/share/doc/openvpn/examples/easy-rsa/2.0$ ./build-key-server server
Generating a 1024 bit RSA private key
...................................++++++
...........................................++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
And once again you will need to answer the questions above. I still don't recommend setting a password, as it caused problems when I tried.
Note: at the Common Name (eg, your name or your server's hostname) []: prompt, the name entered must be different for each certificate.
e. build-dh
netkiller@shenzhen:/usr/share/doc/openvpn/examples/easy-rsa/2.0$ ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
If you do a list command in the keys folder you should have something like:
netkiller@shenzhen:/usr/share/doc/openvpn/examples/easy-rsa/2.0$ ls keys/
01.pem ca.crt client1.crt client1.key index.txt index.txt.attr.
old serial server.crt server.key
02.pem ca.key client1.csr dh1024.pem index.txt.attr index.txt.old
serial.old server.csr
Copy the files ca.crt, ca.key, dh1024.pem, server.crt, and server.key to the /etc/openvpn/keys
netkiller@shenzhen:/usr/share/doc/openvpn/examples/easy-rsa/2.0$ cd keys/
netkiller@shenzhen:/usr/share/doc/openvpn/examples/easy-rsa/2.0/keys$ sudo cp keys/ca.key keys/ca.crt keys/dh1024.pem keys/server.key keys/server.crt /etc/openvpn/
We will worry about the client files after we configure the client config file.
netkiller@shenzhen:/usr/share/doc/openvpn/examples/sample-config-files$ sudo gunzip server.conf.gz
netkiller@shenzhen:/usr/share/doc/openvpn/examples/sample-config-files$ sudo cp server.conf /etc/openvpn/
netkiller@shenzhen:/usr/share/doc/openvpn/examples/sample-config-files$ cd /etc/openvpn/
netkiller@shenzhen:/etc/openvpn$
Add routes for users
Example 19.1. server.conf
#################################################
# Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
# This file is for the server side #
# of a many-clients <-> one-server #
# OpenVPN configuration. #
# #
# OpenVPN also supports #
# single-machine <-> single-machine #
# configurations (See the Examples page #
# on the web site for more info). #
# #
# This config should work on Windows #
# or Linux/BSD systems. Remember on #
# Windows to quote pathnames and use #
# double backslashes, e.g.: #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
# #
# Comments are preceded with '#' or ';' #
#################################################
dev tun
test
4. Start
Openvpn Client
$ cd /usr/share/doc/openvpn/examples/easy-rsa/2.0
$ cp keys/ca.crt keys/client1.crt keys/client1.key /etc/openvpn/
Example 19.2. client.conf
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
;group nogroup
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca ca.crt
cert client1.crt
key client1.key
Windows Server
1. http://openvpn.se/
http://openvpn.se/files/install_packages/openvpn-2.0.9-gui-1.0.3-install.exe
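After downloading and installing, an icon appears in the system tray. It cannot be used yet; the tray icon shows the Connect menu only after a configuration file has been created.
2. Create certificates
Edit vars.bat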
set KEY_COUNTRY=CN
set KEY_PROVINCE=GD
set KEY_CITY=Shenzhen
set KEY_ORG=netkiller.org.cn
set KEY_EMAIL=openunix@163.com
C:\Program Files\OpenVPN\easy-rsa>vars.bat
C:\Program Files\OpenVPN\easy-rsa>clean-all.bat
Create the CA certificate
C:\Program Files\OpenVPN\easy-rsa>build-ca.bat
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
......++++++
......++++++
writing new private key to 'keys\ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [GD]:
Locality Name (eg, city) [Shenzhen]:
Organization Name (eg, company) [netkiller.org.cn]:
Organizational Unit Name (eg, section) []:vpn
Common Name (eg, your name or your server's hostname) []:netkiller.org.cn
Email Address [openunix@163.com]:
C:\Program Files\OpenVPN\easy-rsa>
dh
C:\Program Files\OpenVPN\easy-rsa>build-dh.bat
Loading 'screen' into random state - done
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
C:\Program Files\OpenVPN\easy-rsa>
server key
C:\Program Files\OpenVPN\easy-rsa>
client key
C:\Program Files\OpenVPN\easy-rsa>
3. Configuration
Example 19.3. server.ovpn
#################################################
# Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
# This file is for the server side #
# of a many-clients <-> one-server #
# OpenVPN configuration. #
# #
# OpenVPN also supports #
# single-machine <-> single-machine #
# configurations (See the Examples page #
# on the web site for more info). #
# #
# This config should work on Windows #
# or Linux/BSD systems. Remember on #
# Windows to quote pathnames and use #
# double backslashes, e.g.: #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
# #
# Comments are preceded with '#' or ';' #
#################################################
;dev tap
dev tun
Windows Client
1. Configuration file
Edit the client.ovpn file
Example 19.4. client.ovpn
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca ca.crt
cert client1.crt
key client1.key
2. Connect to the VPN server
Right-click the tray icon and choose [Connect] from the menu
point-to-point VPNs
Procedure 19.5. This example demonstrates a bare-bones point-to-point OpenVPN configuration.
$ cd /etc/openvpn/
$ sudo openvpn --genkey --secret static.key
$ cd /usr/share/doc/openvpn/examples/sample-config-files
$ sudo cp static-office.conf office.up /etc/openvpn/
static-office.conf
$ cd /usr/share/doc/openvpn/examples/sample-config-files
$ sudo cp static-home.conf home.up /etc/openvpn/
$ cd /etc/openvpn/
$ scp user@netkiller.8800.org:/etc/openvpn/static.key .
static-home.conf
remote netkiller.8800.org
\config
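Installing from source
Procedure 19.6. Compiling and installing OpenVPN
1. Install the liblzo and libssl support libraries
2. Get the installation package
3. Compile and install
4. Configuration file
Example 19.5. openvpn.conf
5. Create certificates
Edit the environment variables in the vars file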
netkiller@neo:/usr/local/openvpn$ cd /usr/share/openvpn/
netkiller@neo:/usr/share/openvpn$
root@neo:/home/netkiller/openvpn-2.1_rc1/sample-config-files# cp * /etc/openvpn/
root@neo:/home/netkiller/openvpn-2.1_rc1/sample-config-files# cd /etc/openvpn/
6. Start
7. Script
/etc/init.d/openvpn
#!/bin/bash
# vpn init file for OpenVPN
#
# chkconfig: - 100 100
# description: OpenVPN is a full-featured SSL VPN solution which can accommodate \
#              a wide range of configurations, \
#              including remote access, site-to-site VPNs, WiFi security, \
#              and enterprise-scale remote access solutions with load balancing, failover, \
#              and fine-grained access-controls \
#              as it is designed and optimized for high performance environments.
# author: Neo Chen<openunix@163.com>
#
# processname: $PROG
# config:
# pidfile: /var/run/openvpn

# Source function library (provides daemon, killproc, status, failure).
. /etc/rc.d/init.d/functions

PREFIX=/usr/local/openvpn
PROG=$PREFIX/sbin/openvpn
# OpenVPN takes its configuration file with --config (it has no -f option);
# --daemon makes it detach once initialization is complete.
OPTIONS="--daemon --config /usr/local/openvpn/etc/openvpn.conf"
# Account the daemon is started as; it needs access to the tun device.
USER=daemon
RETVAL=0
prog="openvpn"

start() {
    echo -n $"Starting $prog: "
    if [ $UID -ne 0 ]; then
        RETVAL=1
        failure
    else
        daemon --user=$USER $PROG $OPTIONS
        RETVAL=$?
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/openvpn
    fi
    echo
    return $RETVAL
}

stop() {
    echo -n $"Stopping $prog: "
    if [ $UID -ne 0 ]; then
        RETVAL=1
        failure
    else
        killproc $PROG
        RETVAL=$?
        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/openvpn
    fi
    echo
    return $RETVAL
}

# Ask the running daemon to re-read its configuration.
reload() {
    echo -n $"Reloading $prog: "
    killproc $PROG -HUP
    RETVAL=$?
    echo
    return $RETVAL
}

restart() {
    stop
    start
}

# Restart only if the service is currently marked as running.
condrestart() {
    [ -e /var/lock/subsys/openvpn ] && restart
    return 0
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    reload)
        reload
        ;;
    condrestart)
        condrestart
        ;;
    status)
        status openvpn
        RETVAL=$?
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|reload}"
        RETVAL=1
esac
exit $RETVAL
Add execute permission
VPN example
ping 10.8.0.1 OK
ping 172.16.0.1 OK
ping 172.16.0.254 OK
Example 19.6. office.conf
office
#################################################
# Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
# This file is for the server side #
# of a many-clients <-> one-server #
# OpenVPN configuration. #
# #
# OpenVPN also supports #
# single-machine <-> single-machine #
# configurations (See the Examples page #
# on the web site for more info). #
# #
# This config should work on Windows #
# or Linux/BSD systems. Remember on #
# Windows to quote pathnames and use #
# double backslashes, e.g.: #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
# #
# Comments are preceded with '#' or ';' #
#################################################
#
# You can uncomment this out on
# non-Windows systems.
;user nobody
;group nogroup
Example 19.7. home.ovpn
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca ca.crt
cert client.crt
key client.key
Chapter 20. pptpd
Procedure 20.1. pptpd installation steps
1. install
localip 172.16.0.1
remoteip 172.16.0.50-100
ms-dns 208.67.222.222
ms-dns 208.67.220.220
5. restart
refresh status
$ sudo sysctl -p
net.ipv4.ip_forward = 1
7. NAT
8. firewall
MTU
There is also a very simple way to change the MTU:
$ sudo vim /etc/ppp/ip-up.local
#!/bin/bash
Chapter 21. Ipsec VPN
strongswan - IPSec utilities for strongSwan
ipsec-tools - IPsec tools for Linux
Chapter 22. Stunnel - universal SSL tunnel
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure
Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL
aware daemons and protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the
encryption, requiring no changes to the daemon's code.
1. install
2. enable stunnel
$ vim /etc/default/stunnel4
# /etc/default/stunnel
# Julien LEMOINE <speedblue@debian.org>
# September 2003
[imaps]
accept = 993
connect = 143
[ssmtp]
accept = 465
connect = 25
[https]
accept = 443
connect = 80
4. start
/usr/sbin/lighty-enable-mod fastcgi
/usr/sbin/lighty-disable-mod fastcgi
to compile and then install lighttpd
Download now
cd /usr/local/src/
wget http://www.lighttpd.net/download/lighttpd-1.4.15.tar.gz
tar zxvf lighttpd-1.4.15.tar.gz
cd lighttpd-1.4.15
2. Compile and install
./configure --prefix=/usr/local/lighttpd-1.4.15 \
--with-bzip2 \
--with-memcache
make
make install
3. Create the directories and the configuration file
ln -s /usr/local/lighttpd-1.4.15/ /usr/local/lighttpd
mkdir -p /www/pages
mkdir /www/logs
mkdir /usr/local/lighttpd/htdocs
mkdir /usr/local/lighttpd/logs
mkdir /usr/local/lighttpd/etc
cp ./doc/lighttpd.conf /usr/local/lighttpd/etc/
cd /usr/local/lighttpd/
4. Configure lighttpd.conf
vi etc/lighttpd.conf
Find server.modules
Remove the comment marker in front of mod_fastcgi
Adjust the following definitions to your needs
server.document-root = "/usr/local/lighttpd/htdocs/"
server.errorlog = "/usr/local/lighttpd/logs/lighttpd.error.log"
accesslog.filename = "/usr/local/lighttpd/logs/access.log"
Comment out $HTTP["url"]
#$HTTP["url"] =~ "\.pdf$" {
# server.range-requests = "disable"
#}
5. Run lighttpd
/usr/local/lighttpd/sbin/lighttpd -f /usr/local/lighttpd/etc/lighttpd.conf
Test
shell script
lighttpd script
Example 23.1. /etc/init.d/lighttpd
#!/bin/bash
# lighttpd init file for web server
#
# chkconfig: - 100 100
# description: Security, speed, compliance, and flexibility--all of these describe \
#              LightTPD which is rapidly redefining efficiency of a webserver; \
#              as it is designed and optimized for high performance environments.
# author: Neo Chen<openunix@163.com>
#
# processname: $PROG
# config:
# pidfile: /var/run/lighttpd

# Source function library (provides daemon, killproc, status, failure).
. /etc/rc.d/init.d/functions

PREFIX=/usr/local/lighttpd
PROG=$PREFIX/sbin/lighttpd
OPTIONS="-f /usr/local/lighttpd/etc/lighttpd.conf"
USER=daemon
RETVAL=0
prog="lighttpd"

start() {
    echo -n $"Starting $prog: "
    if [ $UID -ne 0 ]; then
        RETVAL=1
        failure
    else
        daemon --user=$USER $PROG $OPTIONS
        RETVAL=$?
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/lighttpd
    fi
    echo
    return $RETVAL
}

stop() {
    echo -n $"Stopping $prog: "
    if [ $UID -ne 0 ]; then
        RETVAL=1
        failure
    else
        killproc $PROG
        RETVAL=$?
        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/lighttpd
    fi
    echo
    return $RETVAL
}

# Send SIGHUP to the running daemon.
reload() {
    echo -n $"Reloading $prog: "
    killproc $PROG -HUP
    RETVAL=$?
    echo
    return $RETVAL
}

restart() {
    stop
    start
}

# Restart only if the service is currently marked as running.
condrestart() {
    [ -e /var/lock/subsys/lighttpd ] && restart
    return 0
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    reload)
        reload
        ;;
    condrestart)
        condrestart
        ;;
    status)
        status lighttpd
        RETVAL=$?
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|reload}"
        RETVAL=1
esac
exit $RETVAL
Module
simple-vhost
simple-vhost.default-host = "www.example.com"
$ mkdir -p /var/www/www.example.com/html
enable fastcgi
enable fastcgi
ssl
Enable the ssl module
Create the SSL certificate
$ sudo openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
$ sudo chmod 400 server.pem
redirect
rewrite
example 1
example 2
$HTTP["host"] =~ "^.*\.(6600.org)$" {
url.rewrite-once = ( "^/(.*)" => "/index.php/$1" )
}
example 3
$HTTP["host"] =~ "^.*\.(6600.org)$" {
url.rewrite = (
"^/(images|stylesheet).*" => "/$0",
"^/(.*)" => "/index.php/$1"
)
}
alias.url
$HTTP["host"] =~ "^.*\.(6600.org)$" {
alias.url = (
"/images" => "/home/neo/workspace/Development/photography/application/photography/images",
"/stylesheet" => "/home/neo/workspace/Development/photography/application/photography/stylesheet"
)
}
auth
enable auth
/etc/lighttpd/conf-enabled/05-auth.conf
auth.backend = "plain"
auth.backend.plain.userfile = "/etc/lighttpd/.secret"
compress module
Create the cache directory
mkdir -p /tmp/lighttpd/cache/compress/
Configure the lighttpd.conf file
Find the server.modules list, uncomment "mod_compress", then uncomment the compress module settings
php.ini
zlib.output_compression = On
zlib.output_handler = On
Finally, test with telnet
telnet www.bg7nyt.cn 80
If you see garbled output rather than HTML, the configuration works.
mod_expire
$HTTP["url"] =~ "^/images/" {
expire.url = ( "" => "access 1 hours" )
}
status
fastcgi
PHP
php fastcgi
Compile and install PHP
1. Download PHP
cd /usr/local/src/
wget http://cn2.php.net/get/php-5.2.3.tar.bz2/from/cn.php.net/mirror
tar jxvf php-5.2.3.tar.bz2
cd php-5.2.3
2. configure
./configure --prefix=/usr/local/php-5.2.3 \
--with-config-file-path=/usr/local/php-5.2.3/etc \
--enable-fastcgi \
--enable-force-cgi-redirect \
--with-curl \
--with-gd \
--with-ldap \
--with-snmp \
--enable-zip \
--enable-exif \
--with-pdo-mysql \
--with-pdo-pgsql
make
make test
make install
Other useful modules
--enable-pcntl
3. Symbolic links
ln -s /usr/local/php-5.2.3 /usr/local/php
ln -s /usr/local/php/bin/php /usr/local/bin/php
4. php.ini
cp php.ini-dist /usr/local/php/etc/php.ini
5. env
PHP_FCGI_CHILDREN=384
php -v
Output containing (cgi-fcgi) means the build is correct
# cd /usr/local/php/
# bin/php -v
PHP 5.2.2 (cgi-fcgi) (built: May 25 2007 15:50:28)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
(cgi-fcgi) does not work properly
# bin/php -m
[PHP Modules]
cgi-fcgi
ctype
date
dom
filter
gd
hash
iconv
json
ldap
libxml
mssql
pcre
PDO
pdo_mysql
pdo_sqlite
posix
Reflection
session
SimpleXML
snmp
SPL
SQLite
standard
tokenizer
xml
xmlreader
xmlwriter
zip
[Zend Modules]
apt-get install
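See the PHP installation section
Find fastcgi.server and uncomment it
Change bin-path to the directory where PHP is installed
The following example is somewhat more complex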
1. /usr/local/lighttpd/etc/lighttpd.conf
include /usr/local/lighttpd/etc/php-fastcgi.conf
2. /usr/local/lighttpd/etc/php-fastcgi.conf
3. Test the PHP FastCGI environment
curl http://127.0.0.1/index.php
Python
Django
wget http://www.djangoproject.com/download/0.96/tarball/
tar zxvf Django-0.96.tar.gz
cd Django-0.96
python setup.py install
Generate the project
web server
cd newtest/
./manage.py runserver
helloworld.py
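from django.http import HttpResponse

# Minimal view: answer every request with a fixed plain response.
def index(request):
    return HttpResponse("Hello, Django.")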
urls.py
from django.conf.urls.defaults import *

urlpatterns = patterns('',
    # Example:
    # (r'^newtest/', include('newtest.foo.urls')),
    (r'^$', 'newtest.helloworld.index'),
    # (r'^admin/', include('django.contrib.admin.urls')),
)
Start the web server
# ./manage.py runserver
Validating models...
0 errors found.
curl http://127.0.0.1:8000/
Debian/Ubuntu
Install from source
First check whether the jpeg library is installed
Then edit the header file
Imaging-1.1.6/libImaging
#include "/usr/include/jpeglib.h"
Perl
The examples also use a virtual host regexp that matches either www.mysite.com or mysite.com
$HTTP["host"] =~ "^(www\.)?mysite\.com"
MyApp/script/myapp_fastcgi.pl -l /tmp/myapp.socket -n 5 -d
lighttpd.conf
server.document-root = "/var/www/MyApp/root"
fastcgi.server = (
"" => (
"MyApp" => (
"socket" => "/tmp/myapp.socket",
"check-local" => "disable"
)
)
)
restart lighttpd
Testing
http://127.0.0.1/
Example 23.2. fastcgi.conf
fastcgi.server = (
"" => (
"MyApp" => (
"socket" => "/tmp/myapp.socket",
"check-local" => "disable",
"bin-path" => "/var/www/MyApp/script/myapp_fastcgi.pl",
"min-procs" => 2,
"max-procs" => 5,
"idle-timeout" => 20
)
)
)
Chapter 24. Nginx
/etc/init.d/nginx start
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi_params;
}
Spawn-fcgi
We still need a script to start our FastCGI processes. We will extract one from Lighttpd, and then disable
#!/bin/sh
/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u www-data -f /usr/bin/php5-cgi
fastcgi daemon
This is also a new empty file, add the following and save:
#!/bin/bash
PHP_SCRIPT=/usr/bin/php-fastcgi
RETVAL=0
case "$1" in
    start)
        $PHP_SCRIPT
        RETVAL=$?
        ;;
    stop)
        killall -9 php
        RETVAL=$?
        ;;
    restart)
        killall -9 php
        $PHP_SCRIPT
        RETVAL=$?
        ;;
    *)
        echo "Usage: nginx-fastcgi {start|stop|restart}"
        exit 1
        ;;
esac
exit $RETVAL
installing by source
Chapter 25. LAMP
Install
command
rewrite module
PHP module
deflate module
ssl module
a2enmod ssl
a2ensite ssl
Add to /etc/apache2/httpd.conf
ServerName 220.201.35.11
Security module
NameVirtualHost *
NameVirtualHost *:443
VirtualHost
VirtualHost (virtual hosts)
#NameVirtualHost neo.6600.org
<VirtualHost 220.201.35.11>
    ServerAdmin openx@163.com
    DocumentRoot /home/netkiller/www
    ServerName neo.6600.org
    ServerAlias www.neo.6600.org
    <Directory /home/netkiller/www>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
        # Uncomment this directive if you want to see apache2's
        # default start page (in /apache2-default) when you go to /
        #RedirectMatch ^/$ /apache2-default/
    </Directory>
    # <Directory "/home/netkiller/www">
    #     AllowOverride None
    #     Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    #     Order allow,deny
    #     Allow from all
    # </Directory>
    ErrorLog /var/log/apache2/neo.error.log
</VirtualHost>
~web environment
http://xxx.xxx.xxx.xxx/~netkiller/
http://www.apachefriends.org/en/xampp-linux.html
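Apache installation and configuration
configure
--with-mpm=worker hybrid process/thread model, considerably more efficient
--enable-rewrite=shared Rewrite, used to give dynamic pages static-looking URLs
--enable-authz_host=shared Order access control
--enable-setenvif=shared
--enable-log_config=shared log format
--enable-speling=shared allows automatic correction of misspelled URLs
--enable-deflate=shared compressed transfer
Start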
ln -s /usr/local/httpd-2.2.4/ /usr/local/apache
bin/apachectl start
cronolog
cronolog
cd /usr/local/src/
wget http://cronolog.org/download/cronolog-1.6.2.tar.gz
tar zxvf cronolog-1.6.2.tar.gz
cd cronolog-1.6.2
./configure --prefix=/usr/local/cronolog
make
make install
PHP
Procedure 25.1. Installing PHP
1. Step one
cd /usr/local/src
wget http://cn2.php.net/get/php-5.3.0.tar.bz2/from/cn.php.net/mirror
tar jxvf php-5.3.0.tar.bz2
cd php-5.3.0
2. Step two
./configure --prefix=/usr/local/php-5.3.0 \
--with-config-file-path=/usr/local/php-5.3.0/etc \
--with-apxs2=/usr/local/apache/bin/apxs \
--with-curl \
--with-gd \
--with-ldap \
--with-snmp \
--enable-zip \
--enable-exif \
--with-libxml-dir \
--with-mysql \
--with-mysqli \
--with-pdo-mysql \
--with-pdo-pgsql
make
make test
make install
a. Create the symbolic link
ln -s /usr/local/php-5.3.0 /usr/local/php
b. php.ini
cp php.ini-dist /usr/local/php/etc/php.ini
c. conf/httpd.conf
reload apache
3. Final step
Copy the phpinfo() test file to the Apache directory
Example 25.1. index.php
--with-snmp
rpm -i elfutils-libelf-devel-0.97.1-3.i386.rpm
rpm -i elfutils-devel-0.97.1-3.i386.rpm
rpm -i beecrypt-devel-3.1.0-6.i386.rpm
rpm -i net-snmp-devel-5.1.2-11.EL4.7.i386.rpm
Compiling extension modules
Compile a PHP extension module on its own
[root@websrv]# cd /usr/local/php-5.3.0/ext/xmlrpc
[root@websrv]# /usr/local/php-5.3.0/bin/phpize
[root@websrv]# ./configure --with-php-config=/usr/local/php-5.3.0/bin/php-config
[root@websrv]# make
[root@websrv]# make test
[root@websrv]# make install
Installing shared extensions: /usr/local/php-5.3.0/lib/php/extensions/no-debug-zts-20060613/
[root@websrv]# mv /usr/local/php-5.3.0/lib/php/extensions/no-debug-zts-20060613/* /usr/local/php-5.3.0/lib/php/extensions/
In php.ini, set the extension directory and add a reference to the extension module:
extension_dir = "/usr/local/php-5.3.0/lib/php/extensions/"
extension = xmlrpc.so
zts-20060613/
[root@test openssl]# cp /usr/local/php-5.2.13/lib/php/extensions/no-debug-zts-20060613/* /usr/local/php-5.2.13/lib/php/extensions/
php.ini
extension_dir = "/usr/local/php-5.2.13/lib/php/extensions/"
extension = openssl.so
Automation Installing
Example 25.4. autolamp.sh
#!/bin/bash
HTTPD_SRC=httpd-2.2.15.tar.gz
PHP_SRC=php-5.2.13.tar.gz
MYSQL_SRC='mysql-5.1.45.tar.gz'
MYSQL_LIBS_SRC='mysql-5.1.45-linux-x86_64-glibc23.tar.gz'
SRC_DIR=$(pwd)
HTTPD_DIR=${HTTPD_SRC%%.tar.gz}
PHP_DIR=${PHP_SRC%%.tar.*}
MYSQL_DIR=${MYSQL_SRC%%.tar.*}
MYSQL_LIBS_DIR=${MYSQL_LIBS_SRC%%.tar.*}
function clean(){
rm -rf $HTTPD_DIR
rm -rf $PHP_DIR
rm -rf $MYSQL_DIR
rm -rf $MYSQL_LIBS_DIR
}
function mysql(){
rm -rf $MYSQL_DIR
tar zxf $MYSQL_SRC
cd $MYSQL_DIR
./configure \
--prefix=/usr/local/$MYSQL_DIR \
--with-mysqld-user=mysql \
--with-unix-socket-path=/tmp/mysql.sock \
--with-charset=utf8 \
--with-collation=utf8_general_ci \
--with-pthread \
--with-mysqld-ldflags \
--with-client-ldflags \
--with-openssl \
--without-docs \
--without-debug \
--without-ndb-debug \
--without-bench
#--without-isam
#--without-innodb \
#--without-ndbcluster \
#--without-blackhole \
#--without-ibmdb2i \
#--without-federated \
#--without-example \
#--without-comment \
#--with-extra-charsets=gbk,gb2312,utf8 \
#--localstatedir=/usr/local/mysql/data
#--with-extra-charsets=all
make clean
make && make install
cd ..
/usr/local/$MYSQL_DIR/bin/mysql_install_db
}
function httpd(){
rm -rf $HTTPD_DIR
tar zxf $HTTPD_SRC
cd $HTTPD_DIR
./configure --prefix=/usr/local/$HTTPD_DIR \
--with-mpm=worker \
--enable-so \
--enable-mods-shared=all \
--disable-authn_file \
--disable-authn_default \
--disable-authz_groupfile \
--disable-authz_user \
--disable-authz_default \
--disable-auth_basic \
--disable-include \
--disable-env \
--disable-status \
--disable-autoindex \
--disable-asis \
--disable-cgi \
--disable-cgid \
--disable-negotiation \
--disable-actions \
--disable-userdir \
--disable-alias
make clean
make && make install
cd ..
}
function php(){
rm -rf $MYSQL_LIBS_DIR
tar zxf $MYSQL_LIBS_SRC
rm -rf $PHP_DIR
tar zxf $PHP_SRC
cd $PHP_DIR
./configure --prefix=/usr/local/$PHP_DIR \
--with-config-file-path=/usr/local/$PHP_DIR/etc \
--with-apxs2=/usr/local/$HTTPD_DIR/bin/apxs \
--with-curl \
--with-gd \
--with-jpeg-dir=/usr/lib64 \
--with-iconv \
--with-zlib-dir \
--with-pear \
--with-libxml \
--with-dom \
--with-xmlrpc \
--with-openssl \
--with-mysql=/usr/local/mysql-5.1.45-linux-x86_64-glibc23 \
--with-mysqli \
--with-pdo-mysql \
--enable-memcache \
--enable-zip \
--enable-sockets \
--enable-soap \
--enable-mbstring \
--enable-magic-quotes \
--enable-inline-optimization \
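--enable-xml
# Build and install as in httpd() above, then close the function.
make clean
make && make install
cd ..
}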
function memcached(){
MEMCACHED_PKG=memcached-1.4.5.tar.gz
MEMCACHED_SRC=memcached-1.4.5
rm -rf $MEMCACHED_SRC
tar zxf $MEMCACHED_PKG
cd $MEMCACHED_SRC
./configure --prefix=/usr/local/memcached-1.4.5
make && make install
}
# See how we were called.
case "$1" in
clean)
clean
;;
httpd)
httpd
;;
php)
php
;;
mysql)
if [ -f $0 ] ; then
mysql
fi
;;
depend)
depend
;;
java)
java
;;
memcached)
memcached
;;
all)
clean
echo "##################################################"
echo "# $MYSQL_DIR Installing..."
echo "##################################################"
mysql
echo "##################################################"
echo "# $HTTPD_DIR Installing..."
echo "##################################################"
httpd
echo "##################################################"
echo "# $PHP_DIR Installing..."
echo "##################################################"
php
ln -s /usr/local/$HTTPD_DIR /usr/local/apache
ln -s /usr/local/$MYSQL_DIR /usr/local/mysql
ln -s /usr/local/$PHP_DIR /usr/local/php
clean
;;
*)
echo $"Usage: $0 {httpd|php|mysql|all|clean}"
RETVAL=2
;;
esac
exit $RETVAL
Apache tuning
worker
worker
conf/extra/httpd-mpm.conf
mpm_worker_module
<IfModule mpm_worker_module>
ServerLimit 60
ThreadLimit 500
StartServers 5
MaxClients 15000
MinSpareThreads 100
MaxSpareThreads 600
ThreadsPerChild 300
MaxRequestsPerChild 0
</IfModule>
Listen
Bind multiple IP addresses
#Listen 80
Listen 192.168.3.40:80
Listen 192.168.4.40:80
Listen 192.168.5.40:80
VirtualHost
conf/extra/httpd-vhosts.conf
or
/etc/httpd/conf.d/vhost.conf
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/usr/local/httpd-2.2.14/docs/dummy-host.example.com"
ServerName dummy-host.example.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/dummy-host.example.com-error_log"
CustomLog "logs/dummy-host.example.com-access_log" common
</VirtualHost>
Module
This will not list dynamically loaded modules included using the LoadModule directive.
Apache Status
To enable Apache's status module, edit httpd.conf and add the following block:
ExtendedStatus On
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 125.76.229.113
</Location>
http://www.domain.com/server-status
Alias / AliasMatch
Redirect / RedirectMatch
Redirect
RedirectMatch
<VirtualHost *:80>
ServerName www.old.com
DocumentRoot /path/to/htdocs
......
<Directory "/path/to/htdocs">
RedirectMatch ^/(.*)$ http://www.new.com/$1
</Directory>
</VirtualHost>
Rewrite
Rewrite + JkMount
Use the [PT] flag at the end of the rule
$ vi .htaccess
RewriteEngine on
RewriteCond %{HTTP_HOST} ^domain\.com
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=permanent,L]
redirect
<VirtualHost *:80>
ServerAdmin webmaster@example.com
DocumentRoot "/www/www.example.com/images"
ServerName images.example.com
RewriteEngine On
RewriteRule ^(.+)(jpg|gif|bmp|jpeg|ico|png|css)$ http://images.other.com/$1$2 [R]
ErrorLog "logs/images.example.com-error.log"
</VirtualHost>
Proxy
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://your.domain.com:8080/
ProxyPassReverse / http://your.domain.com:8080/
deflate
mod_deflate
Add the following statements to httpd.conf:
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
DeflateCompressionLevel 9
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/x-httpd-php
AddOutputFilter DEFLATE txt css js
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
DeflateFilterNote Input input_info
DeflateFilterNote Output output_info
DeflateFilterNote Ratio ratio_info
LogFormat '"%r" %{output_info}n/%{input_info}n (%{ratio_info}n%%)' deflate
CustomLog logs/deflate_log.log deflate
</IfModule>
Applies to the directory /usr/local/apache/htdocs
<Directory "/usr/local/apache/htdocs">
AllowOverride None
Options None
Order allow,deny
Allow from all
SetOutputFilter DEFLATE
DeflateCompressionLevel 9
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/x-httpd-php
AddOutputFilter DEFLATE txt css js
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png)$ no-gzip dont-vary
</Directory>
Log definition
Testing the gzip/deflate module
telnet www.bg7nyt.cn 80
You will see garbled output rather than HTML.
mod_expires
ExpiresActive On
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
Apache Log
Splitting the log file
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{email}C %{nickname}C" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
#CustomLog logs/access_log common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
CustomLog logs/access_log combined
#CookieLog logs/cookie_log
</IfModule>
Tracking user cookies
Recording user cookies in the log file
Tracking user information
CookieTracking on
CookieDomain .chedong.com
CookieExpires "10 years"
CookieStyle Cookie
Charset
Default charset
AddDefaultCharset UTF-8
Files match
<FilesMatch "\.(htm|html|css|js)$">
ForceType 'text/html; charset=UTF-8'
</FilesMatch>
<FilesMatch "\.(htm|html|css|js)$">
AddDefaultCharset UTF-8
</FilesMatch>
<Files "example.html">
AddCharset UTF-8 .html
</Files>
<Files "example.html">
ForceType 'text/html; charset=UTF-8'
</Files>
PHP 5
$ sudo apt-get install php5
pgsql module
Mod Perl
ref: http://search.cpan.org/~agrundma/Catalyst-Engine-Apache-1.07/lib/Catalyst/Engine/Apache2/MP20.pm
$ sudo vi /etc/apache2/sites-available/catalyst.conf
Example 25.5. mod_perl.conf
PerlSwitches -I/var/www/MyApp/lib
# Preload your entire application
PerlModule MyApp
<VirtualHost 192.168.245.129:80>
ServerName 192.168.245.129
DocumentRoot /var/www/MyApp/root
<Directory /var/www/MyApp/root>
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
# PerlFixupHandler Apache::DB
# </Location>
# </IfDefine>
<Location />
SetHandler modperl
PerlResponseHandler MyApp
</Location>
</VirtualHost>
db.pl
enable site
Error Prompt
The mod_authz_host module is not loaded
Chapter 26. Tomcat Installation and Configuration
Table of Contents
install java
install tomcat
Connector
mod_jk
mod_proxy_ajp
Connecting to Tomcat with RewriteEngine
Testing file
Script 1
Shell Script 2
install java
Extract and install
chmod +x jdk-6u1-linux-i586.bin
./jdk-6u1-linux-i586.bin
Type "yes" and press Enter
mv jdk1.6.0_01 /usr/local/
ln -s /usr/local/jdk1.6.0_01/ /usr/local/java
/etc/profile.d/java.sh
Example 26.1. /etc/profile.d/java.sh
################################################
### Java environment
################################################
export JAVA_HOME=/usr/local/java
export JRE_HOME=/usr/local/java/jre
export PATH=$PATH:/usr/local/java/bin:/usr/local/java/jre/bin
export CLASSPATH="./:/usr/local/java/lib:/usr/local/java/jre/lib:/usr/local/memcached/api/java"
export JAVA_OPTS="-Xms512m -Xmx1024m"
install tomcat
Download the binary and extract it to /usr/local/
Download the packages
wget http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.13/bin/apache-tomcat-6.0.13.tar.gz
wget http://archive.apache.org/dist/tomcat/tomcat-connectors/native/tomcat-native-1.1.10-src.tar.gz
wget http://archive.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.23/tomcat-connectors-1.2.23-src.tar.gz
tomcat-native
catalina.sh
CATALINA_OPTS="-Djava.library.path=/usr/local/apr/lib"
JAVA_OPTS="-Xss128k -Xms128m -Xmx1024m -XX:PermSize=128M -XX:MaxPermSize=256m -XX:MaxNewSize=256m"
Start
startup.sh
Connector
vi conf/server.xml
<Connector port="8009"
maxThreads="18000"
minSpareThreads="100"
maxSpareThreads="500"
enableLookups="false"
acceptCount="15000"
connectionTimeout="30000"
redirectPort="8443"
disableUploadTimeout="true"
URIEncoding="UTF-8"
protocol="AJP/1.3"/>
Compressing transferred data
compression="on"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/css"
If your site's encoding is not UTF-8, remove URIEncoding="UTF-8" and use the following option instead.
useBodyEncodingForURI="true"
mod_jk
Installing mod_jk
Append the following to the end of httpd.conf
Include conf/mod_jk.conf
Configure workers.properties
apache/conf/workers.properties
mod_jk.conf
apache/conf/mod_jk.conf
Test Apache and Tomcat separately
mod_proxy_ajp
Include the virtual host configuration file
# vi conf/httpd.conf
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
Configure ProxyPass and ProxyPassReverse in the virtual host
# vi conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
ServerName netkiller.8800.org
ProxyPass /images !
ProxyPass /css !
ProxyPass /js !
ProxyPass /ajp ajp://localhost:8009/ajp
ProxyPassReverse /ajp ajp://localhost:8009/ajp
</VirtualHost>
Reverse proxy and load-balancing modules
<Proxy balancer://tomcatcluster>
BalancerMember ajp://localhost:8009 route=web1
BalancerMember ajp://localhost:10009 smax=10 route=web2
BalancerMember ajp://localhost:11009 route=web3
BalancerMember ajp://localhost:12009 smax=10 route=web4
</Proxy>
Connecting to Tomcat with RewriteEngine
RewriteEngine On
Testing file
Test directory
Test file
cat index.jsp
<html>
<body>
<%="It works!"%>
<%=new java.util.Date()%>
</body>
</html>
Script 1
#!/bin/bash
##############################################################
# Script for Apache and Tomcat
# File:/etc/rc.d/init.d/www
##############################################################
# Setup environment for script execution
#
# chkconfig: - 91 35
# description: Starts and stops the apache and tomcat daemons \
# used to provide Neo Chen
#
# pidfile: /var/run/www/apache.pid
# pidfile: /var/run/www/tomcat.pid
# config: /etc/apache2/apache2.conf
#APACHE_HOME=/usr/local/apache
#TOMCAT_HOME=/usr/local/tomcat
#APACHE_USER=apache
#TOMCAT_USER=tomcat
APACHE_HOME=/usr/local/apache-evaluation
TOMCAT_HOME=/usr/local/apache-tomcat-evaluation
APACHE_USER=root
TOMCAT_USER=root
OPEN_FILES=20480
if [ ! -d /var/run/www ] ; then
mkdir /var/run/www
fi
if [ -f /var/lock/subsys/tomcat ] ; then
:
fi
start() {
if [ `ulimit -n` != ${OPEN_FILES} ]; then
ulimit -n ${OPEN_FILES}
fi
echo -en "\\033[1;32;1m"
echo "Starting Tomcat $TOMCAT_HOME ..."
echo -en "\\033[0;39;1m"
if [ -s /var/run/www/tomcat.pid ]; then
echo "tomcat (pid `cat /var/run/www/tomcat.pid`) already running"
else
su - ${TOMCAT_USER} -c "$TOMCAT_HOME/bin/catalina.sh start > /dev/null"
echo `pgrep java` > /var/run/www/tomcat.pid
touch /var/lock/subsys/tomcat
fi
sleep 2
echo -en "\\033[1;32;1m"
echo "Starting Apache $APACHE_HOME ..."
echo -en "\\033[0;39;1m"
su - ${APACHE_USER} -c "$APACHE_HOME/bin/apachectl start"
touch /var/lock/subsys/apache
}
stop() {
echo -en "\\033[1;32;1m"
echo "Shutting down Apache $APACHE_HOME ..."
echo -en "\\033[0;39;1m"
su - ${APACHE_USER} -c "$APACHE_HOME/bin/apachectl stop"
sleep 2
echo -en "\\033[1;32;1m"
echo "Shutting down Tomcat $TOMCAT_HOME ..."
echo -en "\\033[0;39;1m"
su - ${TOMCAT_USER} -c "$TOMCAT_HOME/bin/catalina.sh stop > /dev/null"
rm -rf /var/run/www/tomcat.pid
rm -f /var/lock/subsys/tomcat
rm -f /var/lock/subsys/apache
}
restart() {
stop
if [ "`pgrep java`" = "" ]&& [ "`pgrep httpd`" = "" ]; then
start
exit 0
else
echo "Usage: $0 killall (^C)"
echo -n "Waiting: "
fi
while true;
do
sleep 1
if [ "`pgrep java`" = "" ] && [ "`pgrep httpd`" = "" ]; then
break
else
echo -n "."
#echo -n "Enter your [y/n]: "; read ISKILL;
fi
done
echo
start
}
status() {
ps aux | grep -e tomcat -e apache
}
killall() {
if [ "`pgrep httpd`" != "" ]; then
echo -en "\\033[1;32;1m"
echo "kill Apache pid(`pgrep httpd`) ..."
kill -9 `pgrep httpd`
echo -en "\\033[0;39;1m"
fi
if [ "`pgrep java`" != "" ]; then
echo -en "\\033[1;32;1m"
echo "kill Tomcat pid(`pgrep java`) ..."
kill -9 `pgrep java`
echo -en "\\033[0;39;1m"
fi
rm -rf /var/run/www/tomcat.pid
rm -f /var/lock/subsys/tomcat
rm -f /var/lock/subsys/apache
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
restart
;;
status)
status
;;
killall)
killall
;;
*)
echo -en "\\033[1;32;1m"
echo "Usage: $0 {start|stop|restart|status|killall}"
echo -en "\\033[0;39;1m"
;;
esac
echo -en "\\033[0;39;m"
exit 0
Shell Script 2
Apache and Tomcat control script
Example 26.2. /etc/rc.d/init.d/www
#!/bin/bash
##############################################################
# Script for Apache and Tomcat
# File:/etc/rc.d/init.d/www
##############################################################
# Setup environment for script execution
#
# chkconfig: - 91 35
# description: Starts and stops the apache and tomcat daemons \
# used to provide Neo Chen<openunix@163.com>
#
# pidfile: /var/run/www/apache.pid
# pidfile: /var/run/www/tomcat.pid
# config: /etc/apache2/apache2.conf
#APACHE_HOME=/usr/local/apache
#TOMCAT_HOME=/usr/local/tomcat
#APACHE_USER=apache
#TOMCAT_USER=tomcat
APACHE_HOME=/usr/local/apache
TOMCAT_HOME=/usr/local/tomcat
APACHE_USER=root
TOMCAT_USER=root
WAIT_TIME=10
get_apache_pid(){
APACHE_PID=`pgrep -o httpd`
echo $APACHE_PID
}
get_tomcat_pid(){
TOMCAT_PID=`ps axww | grep catalina.home | grep -v 'grep' | sed q | awk '{print $1}'`
echo $TOMCAT_PID
}
#OPEN_FILS=40960
if [ ! -d /var/run/www ] ; then
mkdir /var/run/www
fi
start() {
#if [ `ulimit -n` -le ${OPEN_FILES} ]; then
# ulimit -n ${OPEN_FILES}
#fi
echo -en "\\033[1;32;1m"
echo "Starting Tomcat $TOMCAT_HOME ..."
echo -en "\\033[0;39;1m"
if [ -s /var/run/www/tomcat.pid ]; then
echo "tomcat (pid `cat /var/run/www/tomcat.pid`) already running"
else
su - ${TOMCAT_USER} -c "$TOMCAT_HOME/bin/catalina.sh start > /dev/null"
echo `get_tomcat_pid` > /var/run/www/tomcat.pid
touch /var/lock/subsys/tomcat
fi
sleep 2
echo -en "\\033[1;32;1m"
echo "Starting Apache $APACHE_HOME ..."
echo -en "\\033[0;39;1m"
su - ${APACHE_USER} -c "$APACHE_HOME/bin/apachectl start"
touch /var/lock/subsys/apache
}
stop() {
echo -en "\\033[1;32;1m"
echo "Shutting down Apache $APACHE_HOME ..."
echo -en "\\033[0;39;1m"
su - ${APACHE_USER} -c "$APACHE_HOME/bin/apachectl stop"
sleep 2
echo -en "\\033[1;32;1m"
echo "Shutting down Tomcat $TOMCAT_HOME ..."
echo -en "\\033[0;39;1m"
su - ${TOMCAT_USER} -c "$TOMCAT_HOME/bin/catalina.sh stop > /dev/null"
rm -rf /var/run/www/tomcat.pid
rm -f /var/lock/subsys/tomcat
rm -f /var/lock/subsys/apache
}
restart() {
stop
sleep 2
if [ -z "`get_tomcat_pid`" ] && [ -z "`get_apache_pid`" ]; then
start
exit 0
else
echo "Usage: $0 killall (^C)"
echo -n "Waiting: "
fi
while true;
do
sleep 1
if [ -z "`get_tomcat_pid`" ] && [ -z "`get_apache_pid`" ]; then
break
else
echo -n "."
fi
done
echo
start
}
k9restart() {
ISEXIT='false'
stop
for i in `seq 1 ${WAIT_TIME}`;
do
if [ -z "`get_tomcat_pid`" ] && [ -z "`get_apache_pid`" ]; then
ISEXIT='true'
break
else
sleep 1
fi
done
# Force-kill only if the daemons did not exit within WAIT_TIME seconds
if [ "$ISEXIT" = 'false' ]; then
if [ -n "`get_apache_pid`" ]; then
kill -9 `pgrep httpd`
fi
if [ -n "`get_tomcat_pid`" ]; then
kill -9 `get_tomcat_pid`
fi
rm -rf /var/run/www/tomcat.pid
rm -f /var/lock/subsys/tomcat
rm -f /var/lock/subsys/apache
fi
echo
start
}
status() {
ps aux | grep -e tomcat -e apache
}
kall() {
if [ `get_apache_pid` ]; then
echo -en "\\033[1;32;1m"
echo "kill Apache pid(`pgrep httpd`) ..."
kill `pgrep httpd`
echo -en "\\033[0;39;1m"
fi
if [ `get_tomcat_pid` ]; then
echo -en "\\033[1;32;1m"
echo "kill Tomcat pid(`pgrep java`) ..."
kill `pgrep java`
echo -en "\\033[0;39;1m"
fi
rm -rf /var/run/www/tomcat.pid
rm -f /var/lock/subsys/tomcat
rm -f /var/lock/subsys/apache
}
reload() {
killall -HUP httpd
}
tomcat_restart() {
su - ${TOMCAT_USER} -c "$TOMCAT_HOME/bin/catalina.sh stop > /dev/null"
rm -rf /var/run/www/tomcat.pid
rm -f /var/lock/subsys/tomcat
sleep 2
if [ -z "`get_tomcat_pid`" ]; then
su - ${TOMCAT_USER} -c "$TOMCAT_HOME/bin/catalina.sh start > /dev/null"
exit 0
else
echo "Usage: $0 killall (^C)"
echo -n "Waiting: "
fi
while true;
do
sleep 1
if [ -z "`get_tomcat_pid`" ]; then
echo
break
else
echo -n "."
#echo -n "Enter your [y/n]: "; read ISKILL;
fi
done
su - ${TOMCAT_USER} -c "$TOMCAT_HOME/bin/catalina.sh start > /dev/null"
echo `get_tomcat_pid` > /var/run/www/tomcat.pid
touch /var/lock/subsys/tomcat
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
restart
;;
status)
status
;;
killall)
kall
;;
k9restart)
k9restart >/dev/null
;;
*)
echo -en "\\033[1;32;1m"
echo "Usage: $0 {start|stop|restart|status|killall|k9restart}"
echo "Usage: $0 apache {start|restart|graceful|graceful-stop|stop|reload}"
echo "Usage: $0 tomcat {debug|run|start|restart|stop|version}"
echo -en "\\033[0;39;1m"
;;
esac
echo -en "\\033[0;39;m"
exit 0
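Both scripts above write the Tomcat PID from a process listing and fall back to kill -9 on whatever pgrep returns. The following added example (not part of the original scripts) signals only the single PID recorded in the PID file, and only after confirming that the process command line still contains an expected marker; the function names and the marker argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the original scripts): stop a daemon through a
# validated PID file. All function names here are assumptions.

# read_pidfile FILE: print the PID only if FILE holds exactly one integer > 1.
read_pidfile() {
    [ -f "$1" ] || return 1
    pid=$(cat "$1") || return 1
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;   # empty, several PIDs, or non-numeric
    esac
    [ "$pid" -gt 1 ] || return 1   # never signal PID 0 or 1
    printf '%s\n' "$pid"
}

# is_alive PID: true for a running process; a zombie counts as gone.
is_alive() {
    kill -0 "$1" 2>/dev/null || return 1
    if [ -r "/proc/$1/stat" ]; then
        state=$(sed 's/^.*) //' "/proc/$1/stat" 2>/dev/null | cut -c1)
        [ "$state" != "Z" ] || return 1
    fi
    return 0
}

# pid_matches PID MARKER: true if the process command line contains MARKER.
pid_matches() {
    if [ -r "/proc/$1/cmdline" ]; then
        cmdline=$(tr '\0' ' ' < "/proc/$1/cmdline" 2>/dev/null)
    else
        cmdline=$(ps -o args= -p "$1" 2>/dev/null)
    fi
    case "$cmdline" in
        *"$2"*) return 0 ;;
    esac
    return 1
}

# safe_stop PIDFILE MARKER [GRACE_SECONDS]
# Returns 0 stopped or not running, 2 unusable PID file or arguments,
#         3 PID belongs to a different program, 4 still alive after SIGKILL.
safe_stop() {
    pidfile=$1 marker=$2 grace=${3:-10}
    [ -n "$marker" ] || return 2
    [ -e "$pidfile" ] || return 0
    target=$(read_pidfile "$pidfile") || return 2
    if ! is_alive "$target"; then
        rm -f "$pidfile"               # stale file left by a crashed daemon
        return 0
    fi
    pid_matches "$target" "$marker" || return 3
    kill -TERM "$target" 2>/dev/null
    waited=0
    while [ "$waited" -lt "$grace" ] && is_alive "$target"; do
        sleep 1
        waited=$((waited + 1))
    done
    if is_alive "$target"; then
        # The PID may have been recycled while waiting: check it again.
        pid_matches "$target" "$marker" || return 3
        kill -KILL "$target" 2>/dev/null
        sleep 1
        is_alive "$target" && return 4
    fi
    rm -f "$pidfile"
    return 0
}

# Usage with the page's paths (marker as grepped for in get_tomcat_pid):
#   safe_stop /var/run/www/tomcat.pid "catalina.home=$TOMCAT_HOME" 10
```

A PID file produced by echo `pgrep java` with several JVMs running holds several numbers, which read_pidfile rejects instead of signalling all of them.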
Chapter 27. Resin
Table of Contents
Installing Resin
Debian/Ubuntu
Installing Resin from source
Compiling mod_caucho.so
http://www.caucho.com
Installing Resin
JRE
Download Resin
Debian/Ubuntu
$ wget http://www.caucho.com/download/resin_4.0.1-i386.deb
Install Resin
Installing Resin from source
Install from source
$ cd /usr/local/src/
$ wget http://www.caucho.com/download/resin-4.0.1.tar.gz
$ tar zxvf resin-4.0.1.tar.gz
$ sudo mv resin-4.0.1 ..
$ cd ..
$ sudo ln -s resin-4.0.1 resin
Configure Resin to start automatically at boot as a service
Compiling mod_caucho.so
<IfModule mod_caucho.c>
ResinConfigServer localhost 6802
<Location /caucho-status>
SetHandler caucho-status
</Location>
</IfModule>
Chapter 28. Application Service
Table of Contents
Zope
JBoss - JBoss Enterprise Middleware
Zope
See the Python installation section
1. Download Zope-3
wget http://www.zope.org/Products/Zope3/3.3.1/Zope-3.3.1.tgz
tar zxvf Zope-3.3.1.tgz
cd Zope-3.3.1
2. configure
make
make check
make install
3. Create a Zope instance
cd /usr/local/Zope
./bin/mkzopeinstance -u neo:chen -d /usr/local/Zope/webapps
cd webapps
./bin/runzope
4. Test
http://netkiller.8800.org:8080/
1. Download and install JBoss
cd /usr/local/src/
wget http://nchc.dl.sourceforge.net/sourceforge/jboss/jboss-5.0.0.Beta2.zip
unzip jboss-5.0.0.Beta2.zip
mv jboss-5.0.0.Beta2 ..
cd ..
ln -s jboss-5.0.0.Beta2 jboss
2. Run JBoss
cd jboss/bin
chmod +x *.sh
./run.sh
Chapter 29. Search Engine
Table of Contents
Solr
Embedded Jetty
Jetty
Tomcat
solr-php-client
multicore
Chinese word segmentation
Nutch
Solr
http://lucene.apache.org/solr/
Java is installed with apt-get
Example 29.1. /etc/profile.d/java.sh
################################################
### Java environment by neo
################################################
export JAVA_HOME=/usr
export JRE_HOME=/usr
export PATH=$PATH:/usr/local/apache-tomcat/bin/:/usr/local/jetty-6.1.18/bin
export CLASSPATH="./:/usr/share/java/:/usr/local/apache-solr/example/multicore/lib"
export JAVA_OPTS="-Xms128m -Xmx1024m"
Embedded Jetty
wget http://apache.freelamp.com/lucene/solr/1.3.0/apache-solr-1.3.0.tgz
tar zxvf apache-solr-1.3.0.tgz
ln -s apache-solr-1.3.0 ../apache-solr
cd ../apache-solr/example/
java -jar start.jar
Jetty
http://jetty.mortbay.org/jetty/
1. install
2. firewall
3. Testing.
http://172.16.0.1:8280/
● download
wget http://dist.codehaus.org/jetty/jetty-6.1.18/jetty-6.1.18.zip
Tomcat
http://tomcat.apache.org/
1. download
cd /usr/local/src
wget http://apache.etoak.com/tomcat/tomcat-6/v6.0.20/bin/apache-tomcat-6.0.20.tar.gz
wget http://apache.freelamp.com/lucene/solr/1.3.0/apache-solr-1.3.0.tgz
2. solr.xml
vim /usr/local/apache-tomcat/conf/Catalina/localhost/solr.xml
<Context docBase="/usr/local/apache-solr/dist/apache-solr-1.3.0.war"
debug="0" crossContext="true" >
<Environment name="solr/home" type="java.lang.String" value="/usr/local/apache-solr/example/solr" override="true" />
</Context>
solr-php-client
http://code.google.com/p/solr-php-client/
wget http://solr-php-client.googlecode.com/files/SolrPhpClient.2009-03-11.tgz
tar zxvf SolrPhpClient.2009-03-11.tgz
sudo mv SolrPhpClient/Apache /usr/share/php/
multicore
solr.xml
vim /usr/local/apache-solr/example/multicore/solr.xml
</cores>
</solr>
mkdir -p article/conf
vim article/conf/solrconfig.xml
vim article/conf/schema.xml
commit data
vim test.xml
<add>
<doc>
<field name="id">1</field>
<field name="name">Hello world</field>
</doc>
<doc>
<field name="id">2</field>
<field name="title">Title Hello world</field>
</doc>
<doc>
<field name="id">3</field>
<field name="name">Hello world 1</field>
<field name="content">Content 1</field>
</doc>
<doc>
<field name="id">4</field>
<field name="name">Name Neo</field>
</doc>
<doc>
<field name="id">5</field>
<field name="name">Last Chan</field>
</doc>
</add>
Chinese word segmentation
ChineseTokenizerFactory
CJK
mmseg4j
http://code.google.com/p/mmseg4j/
install
$ cd /usr/local/src/
$ wget http://mmseg4j.googlecode.com/files/mmseg4j-1.7.2.zip
$ unzip mmseg4j-1.7.2.zip
$ mkdir /usr/local/apache-solr/example/multicore/lib
$ cp /usr/local/src/mmseg4j-1.7.2/mmseg4j-all-1.7.2.jar /usr/local/apache-solr/example/multicore/lib
$ cd mmseg4j-1.7.2/
test
Word segmentation example
<analyzer>
<tokenizer class="com.chenlb.mmseg4j.solr.MMSegTokenizerFactory"
mode="complex" dicPath="dic">
</tokenizer>
</analyzer>
</fieldtype>
Add to schema.xml
$ cd /usr/local/src/
$ mkdir paoding-analysis-2.0.4-beta
$ cd paoding-analysis-2.0.4-beta/
$ wget http://paoding.googlecode.com/files/paoding-analysis-2.0.4-beta.zip
$ unzip paoding-analysis-2.0.4-beta.zip
$ cp paoding-analysis.jar /usr/local/apache-solr/example/multicore/lib/
ChineseTokenizerFactory
Nutch
http://lucene.apache.org/nutch/
http://wiki.apache.org/nutch/NutchHadoopTutorial
1. Download
$ cd /usr/local/src/
$ wget http://apache.etoak.com/lucene/nutch/nutch-1.0.tar.gz
$ tar zxvf nutch-1.0.tar.gz
$ sudo cp -r nutch-1.0 ..
$ cd ..
$ sudo ln -s nutch-1.0 apache-nutch
2. Create the file myurl
$ cd apache-nutch
$ mkdir urls
$ vim urls/myurl
http://netkiller.8800.org/
3. The crawl-urlfilter.txt configuration file
Edit conf/crawl-urlfilter.txt and replace the MY.DOMAIN.NAME part with the domain you want to crawl
$ cp conf/crawl-urlfilter.txt conf/crawl-urlfilter.txt.old
$ vim conf/crawl-urlfilter.txt
4. http.agent.name
$ vim conf/nutch-site.xml
<?xml version="1.0"?>
<configuration>
<property>
<name>http.agent.name</name>
<value>Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5</value>
<description>HTTP 'User-Agent' request header. MUST NOT be empty -
please set this to a single word uniquely related to your organization.
http.robots.agents
http.agent.description
http.agent.url
http.agent.email
http.agent.version
</description>
</property>
<property>
<name>http.agent.description</name>
<value></value>
<description>Further description of our bot- this text is used in
the User-Agent header. It appears in parenthesis after the agent name.
</description>
</property>
<property>
<name>http.agent.url</name>
<value>http://netkiller.8800.org/robot.html</value>
<description>A URL to advertise in the User-Agent header. This will
appear in parenthesis after the agent name. Custom dictates that this
should be a URL of a page explaining the purpose and behavior of this
crawler.
</description>
</property>
<property>
<name>http.agent.email</name>
<value>openunix@163.com</value>
<description>An email address to advertise in the HTTP 'From' request
header and User-Agent header. A good practice is to mangle this
address (e.g. 'info at example dot com') to avoid spamming.
</description>
</property>
</configuration>
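5. Run the following command line to start crawling
urls: the directory holding the files of URLs to crawl, i.e. /nutch/urls.
-dir dirnames: the directory in which the fetched pages are saved.
-depth depth: the link depth to crawl.
-delay delay: the delay between requests to different hosts, in seconds.
-threads threads: the number of threads to start.
-topN 50: topN is the maximum number of pages saved per site.
6. Deploy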
$ cd /usr/local/apache-tomcat/conf/Catalina/localhost
$ vim nutch.xml
<Context docBase="/usr/local/apache-nutch/nutch-1.0.war" debug="0"
crossContext="true" >
</Context>
searcher.dir
$ vim /usr/local/apache-tomcat/webapps/nutch/WEB-INF/classes/nutch-site.xml
<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
<configuration>
<property>
<name>searcher.dir</name>
<value>/usr/local/apache-nutch/crawl</value>
</property>
</configuration>
test
http://172.16.0.1:8080/nutch/
ulimit
open files
php.ini
Resource Limits
File Uploads
Session Shared
PATHINFO
APC Cache (php-apc - APC (Alternative PHP Cache) module for PHP 5)
Zend Optimizer
eaccelerator
Memcached
Build from source
debian/ubuntu
khttpd
System configuration
ulimit
View ulimit
ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
file size (blocks, -f) unlimited
open files
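On Linux, every device is exposed as a device file, including hardware (keyboard, mouse, printer, display, serial port, parallel port, USB, disk, memory, network card, sound card, graphics card and so on) and software (pipes, sockets). Accessing any of these resources amounts to opening a file,
so the "open files" limit matters, and the default value is far from enough for our needs.
View the number of open files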
$ cat /proc/sys/fs/file-nr
3200 0 197957
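number of allocated file handles / number of used file handles / maximum number of file handles
View the number of files opened by all processes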
lsof |wc -l
View the number of files opened by a given process
lsof -p pid |wc -l
Temporary change
# ulimit -n 65536
or
# ulimit -SHn 65536
or
Permanent change
/etc/security/limits.conf
A simpler method
Maximum thread limit: threads-max
View the current value
# cat /proc/sys/kernel/threads-max
32624
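Setting
There are several ways to raise the Linux thread limit; the following are temporary changes
1. sysctl -w kernel.threads-max=65536
2. echo 65536 > /proc/sys/kernel/threads-max
Permanent change
Edit /etc/sysctl.conf
Add
kernel.threads-max = 65536
# sysctl -p (takes effect immediately)
The values above are for reference only; as hardware has advanced, they are no longer well suited to the servers in common use today.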
php.ini
Resource Limits
;;;;;;;;;;;;;;;;;;;
; Resource Limits ;
;;;;;;;;;;;;;;;;;;;
File Uploads
;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;
; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
;upload_tmp_dir =
Session Shared
Edit php.ini and add the following in the [Session] section.
extension=memcache.so
memcache.allow_failover = 1
memcache.max_failover_attempts = 20
memcache.chunk_size = 8192
memcache.default_port = 11211
session.save_handler = memcache
session.save_path = "udp://172.16.0.10:11211,tcp://172.16.0.11:11211"
PATHINFO
cgi.fix_pathinfo=1
APC Cache (php-apc - APC (Alternative PHP Cache) module for PHP 5)
http://pecl.php.net/package/APC
Download and unpack the package, locate apc.php, and place it on the web server
Zend Optimizer
http://www.zend.com/
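1. Welcome screen
Click the < OK > button
2. LICENSE
Click the < OK > button
Installing to /usr/local/Zend_3.2.8 is recommended
5. php.ini location
Enter the path to php.ini
Click the < OK > button
6. Are you using Apache?
Click the < OK > button
8. Installation complete
Click the < OK > button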
eaccelerator
Memcached
Build from source
http://www.monkey.org/~provos/libevent/
cd /usr/local/src/
wget http://www.monkey.org/~provos/libevent-1.4.13-stable.tar.gz
tar zxf libevent-1.4.13-stable.tar.gz
cd libevent-1.4.13-stable
./configure --prefix=/usr/local/libevent-1.4.13-stable
make
make install
make verify
ln -s /usr/local/libevent-1.4.13-stable /usr/local/libevent
ln -s /usr/local/libevent/lib/* /usr/lib/
ln -s /usr/local/libevent/include/* /usr/include/
ln -s /usr/local/libevent/lib/* /usr/local/lib/
ln -s /usr/local/libevent/include/* /usr/local/include/
http://www.danga.com/memcached/
cd /usr/local/src/
wget http://memcached.googlecode.com/files/memcached-1.4.5.tar.gz
tar zxf memcached-1.4.5.tar.gz
cd memcached-1.4.5
./configure --prefix=/usr/local/memcached-1.4.5 --with-libevent=/usr/local/libevent
make
make install
ln -s /usr/local/memcached-1.4.5/ /usr/local/memcached
ln -s /usr/local/memcached/bin/memcached /usr/sbin/memcached
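Example 30.1. /etc/init.d/memcached
#!/bin/bash
# Red Hat init function library: provides daemon, killproc, status, failure
. /etc/rc.d/init.d/functions
prog="memcached"
RETVAL=0
# Assumed defaults (not defined in the listing): unprivileged user, loopback only
USER=nobody
OPTIONS="-l 127.0.0.1"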
start() {
echo -n $"Starting $prog: "
if [ $UID -ne 0 ]; then
RETVAL=1
failure
else
daemon --user=$USER /usr/sbin/memcached $OPTIONS
RETVAL=$?
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/memcached
fi;
echo
return $RETVAL
}
stop() {
echo -n $"Stopping $prog: "
if [ $UID -ne 0 ]; then
RETVAL=1
failure
else
killproc /usr/sbin/memcached
RETVAL=$?
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/memcached
fi;
echo
return $RETVAL
}
reload(){
echo -n $"Reloading $prog: "
killproc /usr/sbin/memcached -HUP
RETVAL=$?
echo
return $RETVAL
}
restart(){
stop
start
}
condrestart(){
[ -e /var/lock/subsys/memcached ] && restart
return 0
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
restart
;;
# reload)
# reload
# ;;
condrestart)
condrestart
;;
status)
status memcached
RETVAL=$?
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart}"
RETVAL=1
esac
exit $RETVAL
/etc/init.d/memcached
chmod +x /etc/init.d/memcached
debian/ubuntu
/etc/memcached.conf
$ cat /etc/memcached.conf
# memcached default config file
# 2003 - Jay Bonci <jaybonci@debian.org>
# This configuration file is read by the start-memcached script provided as
# part of the Debian GNU/Linux distribution.
# Run memcached as a daemon. This command is implied, and is not needed for the
# daemon to run. See the README.Debian that comes with this package for more
# information.
-d
# Be verbose
# -v
# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default
# Note that the daemon will grow to this size, but does not start out holding this much
# memory
-m 64
# Run the daemon as root. The start-memcached will default to running as root if no
# -u command is present in this config file
-u nobody
# Specify which IP address to listen on. The default is to listen on all IP addresses
# This parameter is one of the only security measures that memcached has, so make sure
# it's listening on a firewalled interface.
-l 127.0.0.1
# Limit the number of simultaneous incoming connections. The daemon default is 1024
# -c 1024
# Lock down all paged memory. Consult with the README and homepage before you do this
# -k
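The configuration file above calls -l "one of the only security measures that memcached has" and notes that start-memcached runs as root when no -u line is present. The following added example (not part of the Debian package or the original page) audits a memcached.conf for exactly those two settings; the function names and the second sample file are constructed for illustration, with the 172.16.0.10 address borrowed from the session.save_path shown earlier.

```shell
#!/bin/sh
# Added example: audit the listen address and run-as user in a Debian-style
# memcached.conf. Function names are assumptions.

# conf_values FILE SHORT LONG: print each value given as "-SHORT value"
# or "--LONG=value", ignoring comments and blank lines.
conf_values() {
    awk -v s="-$2" -v l="--$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $1 == s && NF >= 2       { print $2; next }
        index($1, l "=") == 1    { print substr($1, length(l) + 2) }
    ' "$1"
}

# is_loopback ADDR: true for loopback addresses, with or without a port.
is_loopback() {
    case "$1" in
        127.*|::1|'[::1]'*|localhost|localhost:*) return 0 ;;
    esac
    return 1
}

# audit_memcached_conf FILE: print one finding per line;
# return 0 when there are no findings, 1 otherwise.
audit_memcached_conf() {
    conf=$1
    findings=0
    addrs=$(conf_values "$conf" l listen | tr ',' '\n')
    if [ -z "$addrs" ]; then
        echo "LISTEN: no -l option, memcached listens on all addresses"
        findings=$((findings + 1))
    else
        for a in $addrs; do
            if ! is_loopback "$a"; then
                echo "LISTEN: $a is not loopback, firewall port 11211 on it"
                findings=$((findings + 1))
            fi
        done
    fi
    user=$(conf_values "$conf" u user | tail -n 1)
    case "$user" in
        '')     echo "USER: no -u option, start-memcached defaults to root"
                findings=$((findings + 1)) ;;
        root|0) echo "USER: daemon is configured to run as root"
                findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}

# write_samples DIR: page.conf repeats the active lines of the file above;
# exposed.conf is a constructed variant for comparison.
write_samples() {
    printf '%s\n' '-d' '-m 64' '-u nobody' '-l 127.0.0.1' '# -c 1024' \
        > "$1/page.conf"
    printf '%s\n' '-d' '-m 64' '# -u nobody' '-l 172.16.0.10' \
        > "$1/exposed.conf"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    write_samples "$d"
    for f in "$d/page.conf" "$d/exposed.conf"; do
        echo "== $f"
        audit_memcached_conf "$f" || true
    done
    rm -rf "$d"
fi
```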
restart
khttpd
homepage: http://www.fenrus.demon.nl
Chapter 31. Web Analysis
Table of Contents
Combined testing
awstats
webalizer
Combined testing
httpd processes
Stress testing Apache
Stress testing Tomcat
Stress testing mod_proxy_ajp
Stress testing mod_jk
awstats
Awstats
webalizer
Webalizer
Chapter 32. varnish - a state-of-the-art, high-performance HTTP accelerator
Varnish Install
status
varnishadm
Purging the cache
log file
Varnish Install
http://varnish.projects.linpro.no/
1. install
2. /etc/default/varnish
3. /etc/varnish/default.vcl
backend default {
.host = "127.0.0.1";
.port = "8080";
}
4. reload
status
$ varnishstat
or
$ varnishstat -n /var/lib/varnish/atom-netkiller/
HTTP Head
$ curl -I http://bg7nyt.mooo.com/
HTTP/1.1 404 Not Found
X-Powered-By: PHP/5.2.6-3ubuntu4.2
Content-type: text/html
Server: lighttpd/1.4.19
Content-Length: 539
Date: Wed, 23 Sep 2009 00:05:11 GMT
X-Varnish: 938430316
Age: 0
Via: 1.1 varnish
Connection: keep-alive
test gzip, deflate
varnishadm
help messages
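Purging the cache
Purge cached objects in bulk through the Varnish management port, using regular expressions:
Purge the entire cache
http://bg7nyt.mooo.com/zh-cn/technology/news.html: purge everything cached under /zh-cn/
3.
(1) Example: purge URLs like http://blog.s135.com/a/zhangyan.html:
(2) Example: purge URLs like http://blog.s135.com/tech:
/usr/local/varnish/bin/varnishadm -T 127.0.0.1:3500 url.purge w*$
(3) Example: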
log file
Part IV. File Transfer, Synchronize, Storage And Backup/Restore
User login
smbtar - shell script for backing up SMB/CIFS shares directly to UNIX tape drives
FAQ
smbd/service.c:make_connection_snum(1013)
36. File Synchronize
rsync - fast remote file copy program (like rcp)
install with source
install with aptitude
upload
download
mirror
step by step to learn rsync
rsync examples
rsync for windows
tsync
Unison File Synchronizer
local
remote
config
csync2 - cluster synchronization tool
server
node
test
Advanced Configuration
37. Network Storage - Openfiler
Accounts
Volumes
RAID
iSCSI
Quota
Shares
38. Backup / Restore
Simple Backup
Bacula, the Open Source, Enterprise ready, Network Backup Tool for Linux, Unix, Mac
and Windows.
Amanda: Open Source Backup
39. inotify
inotify-tools
Chapter 33. Download Tools
Table of Contents
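* Startup
-V, --version display the version of wget and exit
-h, --help print syntax help
-b, --background go to background after startup
-e, --execute=COMMAND execute a `.wgetrc'-style command; for the wgetrc format see /etc/wgetrc or ~/.wgetrc
* Logging and input file
-o, --output-file=FILE write log messages to FILE
-a, --append-output=FILE append log messages to FILE
-d, --debug print debug output
-q, --quiet quiet mode (no output)
-v, --verbose verbose mode (this is the default)
-nv, --non-verbose turn off verbose mode without being quiet
-i, --input-file=FILE download the URLs found in FILE
-F, --force-html treat the input file as HTML
-B, --base=URL use URL as the prefix for relative links in the file given with -F -i
--sslcertfile=FILE optional client certificate
--sslcertkey=KEYFILE optional KEYFILE for the client certificate
--egd-file=FILE file name of the EGD socket
* Download
--bind-address=ADDRESS local address to use (host name or IP; for machines with several IPs or names)
-t, --tries=NUMBER set the maximum number of connection attempts (0 means unlimited).
-O --output-document=FILE write documents to FILE
-nc, --no-clobber do not overwrite existing files or use the .# prefix
-c, --continue resume a partially downloaded file
--progress=TYPE set the progress indicator type
-N, --timestamping do not re-download files unless they are newer than the local copy
-S, --server-response print the server response
--spider do not download anything
-T, --timeout=SECONDS set the response timeout in seconds
-w, --wait=SECONDS wait SECONDS seconds between attempts
--waitretry=SECONDS wait 1...SECONDS seconds between reconnection attempts
--random-wait wait 0...2*WAIT seconds between downloads
-Y, --proxy=on/off turn the proxy on or off
-Q, --quota=NUMBER set the download quota
--limit-rate=RATE limit the download rate
* Directories
-nd --no-directories do not create directories
-x, --force-directories force creation of directories
-nH, --no-host-directories do not create host directories
-P, --directory-prefix=PREFIX save files to the directory PREFIX/...
--cut-dirs=NUMBER ignore NUMBER levels of remote directories
* HTTP options
--http-user=USER set the HTTP user name to USER.
--http-passwd=PASS set the HTTP password to PASS.
-C, --cache=on/off allow/disallow server-side data caching (normally allowed).
-E, --html-extension save all text/html documents with the .html extension
--ignore-length ignore the `Content-Length' header field
--header=STRING insert the string STRING among the headers
--proxy-user=USER set the proxy user name to USER
--proxy-passwd=PASS set the proxy password to PASS
--referer=URL include a `Referer: URL' header in the HTTP request
-s, --save-headers save the HTTP headers to the file
-U, --user-agent=AGENT identify as AGENT instead of Wget/VERSION.
--no-http-keep-alive disable HTTP keep-alive (persistent connections).
--cookies=off do not use cookies.
--load-cookies=FILE load cookies from FILE before the session starts
--save-cookies=FILE save cookies to FILE after the session ends
* FTP options
-nr, --dont-remove-listing do not remove `.listing' files
-g, --glob=on/off turn file name globbing on or off
--passive-ftp use passive transfer mode (the default).
--active-ftp use active transfer mode
--retr-symlinks when recursing, retrieve the files that links point to (not directories)
* Recursive download
-r, --recursive recursive download -- use with care!
-l, --level=NUMBER maximum recursion depth (inf or 0 means unlimited).
--delete-after delete files locally after they have been downloaded
-k, --convert-links convert non-relative links to relative links
-K, --backup-converted before converting file X, back it up as X.orig
-m, --mirror equivalent to -r -N -l inf -nr.
-p, --page-requisites download all images needed to display the HTML page
* Accept/reject rules for recursive download
-A, --accept=LIST semicolon-separated list of accepted extensions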
setlocal ENABLEDELAYEDEXPANSION
for /l %%i in (1001,1,1162) do for /l %%j in (101,1,112) do @(
set s=%%i
set t=%%j
wget -O !s:~1,3!!t:~1,2!.jpg hxxp://www.sergeaura.net/TGP/!s:~1,3!/images/!t:~1,2!.jpg)
endlocal
-np: do not ascend to the parent directory
-nd: do not recreate the directory structure.
-c: resume interrupted downloads.
Download all images
Chapter 34. FTP (File Transfer Protocol)
ncftp
batch command
ncftpget
ncftpput
FileZilla
vsftpd - The Very Secure FTP Daemon
ProFTPD + MySQL / OpenLDAP user authentication
Proftpd + MySQL
Proftpd + OpenLDAP
Pure-FTPd + LDAP + MySQL + PGSQL + Virtual-Users + Quota
See http://netkiller.8800.org/article/ftpserver/
ncftp
batch command
ncftpget
ncftpput
FileZilla
http://filezilla-project.org/
vsftpd - The Very Secure FTP Daemon
test
$ ncftp ftp://neo@127.0.0.1/
NcFTP 3.2.1 (Jul 29, 2007) by Mike Gleason (http://www.NcFTP.com/contact/).
Connecting to 127.0.0.1...
(vsFTPd 2.0.7)
Logging in...
Password requested by 127.0.0.1 for user "neo".
Password: *******
Login successful.
Logged in to 127.0.0.1.
Current remote directory is /home/neo.
ncftp /home/neo >
Download ProFTPD : ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.7.tar.gz
Download mod_sql : http://www.lastditcheffort.org/~aah/proftpd/mod_sql/
Download mod_ldap-2.8.10 : http://www.horde.net/~jwm/software/mod_ldap/
Proftpd + MySQL
cd proftpd-version
make
make install
After a successful installation, start ProFTPD to test it
/usr/local/proftpd/sbin/in.proftpd
If no message is displayed, ProFTPD started successfully. Log in to the FTP server as a system user
Name (localhost:root):usera
Password:
ftp>
The ProFTPD test succeeded; stop ProFTPD
killall in.proftpd
Edit the proftpd.conf file
vi /usr/local/proftpd/etc/proftpd.conf
Add the following parameters
<Global>
SQLAuthTypes Plaintext
RequireValidShell off
</Global>
Format:
SQLConnectInfo database@hostname:port user password
Create the ftpusers.sql file
--
---------------------------------------------------------
--
--
) TYPE=MyISAM;
--
--
--
--
) TYPE=MyISAM;
--
--
Create the database and tables
[mysql@linux mysql]$
Start ProFTPD again
/usr/local/proftpd/sbin/in.proftpd
This time, log in to the FTP server as a MySQL user
Proftpd + OpenLDAP
cd proftpd-version
make
make install
Copy posixAccount-objectclass and posixGroup-objectclass from the mod_ldap-2.8.10 directory
to the OpenLDAP schema directory:
# cp mod_ldap-2.8.10/posix* /etc/openldap/schema/
# vi /etc/openldap/slapd.conf
Edit the OpenLDAP configuration file slapd.conf so that it includes these two files:
include /etc/openldap/schema/posixAccount-objectclass
include /etc/openldap/schema/posixGroup-objectclass
Restart OpenLDAP:
Stopping slapd: [ OK ]
Starting slapd: [ OK ]
Edit the proftpd.conf file
vi /usr/local/proftpd/etc/proftpd.conf
Add the following parameters
<Global>
LDAPServer localhost
LDAPDNInfo cn=your-dn,dc=horde,dc=net dnpass
LDAPDoAuth on "dc=users,dc=horde,dc=net"
</Global>
Format:
LDAPServer OpenLDAP-server
LDAPDNInfo cn=your-dn,dc=domain-component,dc=domain-component dn-password
LDAPDoAuth on "dc=domain-component,dc=domain-component"
Example:
<Global>
LDAPServer localhost
LDAPDoAuth on dc=xuser,dc=net
</Global>
Adjust the group-ldif and user-ldif files in the mod_ldap-2.8.10 directory to your needs, then add the entries to OpenLDAP:
Use ldapsearch to view the records:
# ldapsearch -x -b "dc=xuser,dc=net"
Start ProFTPD:
/usr/local/proftpd/sbin/in.proftpd
Log in to the FTP server as an OpenLDAP user.
Example:
objectclass: posixGroup
cn: mygroup
gidNumber: 100
memberUid: user1
memberUid: user2
memberUid: user3
memberUid: user4
memberUid: ftpusersb
memberUid: usera
memberUid: jwm
memberUid: 100
objectclass: posixAccount
uid: jwm
uidNumber: 2000
gidNumber: 100
homeDirectory: /home/chen
userPassword: {crypt}*
loginShell: /bin/bash
objectclass: posixAccount
cn: chen
uid: chen
uidNumber: 2000
gidNumber: 100
homeDirectory: /home/chen
userPassword: {crypt}sa7XjjlytXZZ2
loginShell: /bin/bash
objectclass: posixAccount
cn: ftpuser1
uid: ftpuser1
uidNumber: 2000
gidNumber: 100
homeDirectory: /home/chen
userPassword: {crypt}sa7XjjlytXZZ2
loginShell: /bin/bash
objectclass: posixAccount
cn: usera
uid: usera
uidNumber: 2000
gidNumber: 100
homeDirectory: /tmp
userPassword:{crypt}sa7XjjlytXZZ2
loginShell: /bin/bash
objectclass: posixAccount
cn: ftpuserb
uid: ftpuserb
uidNumber: 2000
gidNumber: 100
homeDirectory: /tmp
userPassword:{crypt}O2BooHEK9JI06
loginShell: /bin/bash
The user passwords above are crypt hashes. To generate one, see:
Generate with PHP:
# cat des.php
<html>
<p>DES password generator</p>
</form>
<?
$enpw=crypt($passwd);
?>
Generate with perl:
The generated DES password can also be used as the OpenLDAP administrator password:
# vi /etc/openldap/slapd.conf
rootpw {crypt}ijFYNcSNctBYg
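The LDIF entries above store userPassword as {crypt} values, and several accounts carry the same value and the same uidNumber. The following Python script is an added example, not part of the original handbook: it parses LDIF text and reports traditional 13-character DES crypt values, cleartext values, accounts that share one hash, and shared uidNumber values. The dn lines in SAMPLE_LDIF are constructed for the example, since the listing above does not show them.

```python
"""Audit userPassword values in LDIF text (added example, not from the handbook)."""
import base64
import re
from collections import defaultdict

# Constructed sample: attribute values follow the entries shown above; the dn
# lines are made up for the example (the page's listing does not show them).
SAMPLE_LDIF = """\
dn: uid=jwm,dc=xuser,dc=net
uidNumber: 2000
userPassword: {crypt}*

dn: uid=chen,dc=xuser,dc=net
uidNumber: 2000
userPassword: {crypt}sa7XjjlytXZZ2

dn: uid=usera,dc=xuser,dc=net
uidNumber: 2000
userPassword:{crypt}sa7XjjlytXZZ2

dn: uid=ftpuserb,dc=xuser,dc=net
uidNumber: 2000
userPassword:{crypt}O2BooHEK9JI06
"""

DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")   # 2-char salt + 11-char hash
SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)


def parse_ldif(text):
    """Yield one dict per entry: attribute name (lower-cased) -> list of values."""
    # Unfold continuation lines: a line starting with one space continues the previous one.
    text = re.sub(r"\r?\n ", "", text)
    for block in re.split(r"\r?\n\s*\r?\n", text.strip()):
        entry = defaultdict(list)
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, sep, value = line.partition(":")
            if not sep:
                continue
            if value.startswith(":"):                 # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            else:
                value = value.lstrip(" ")             # the space after ':' is optional
            entry[name.strip().lower()].append(value)
        if entry:
            yield dict(entry)


def classify(value):
    """Return (scheme, note) for one userPassword value."""
    m = SCHEME.match(value)
    if not m:
        return "cleartext", "stored without a scheme prefix"
    scheme, body = m.group(1).lower(), m.group(2)
    if scheme == "crypt":
        if body.startswith(("*", "!")):
            return "crypt", "locked (no valid hash)"
        if DES_CRYPT.match(body):
            return "crypt-des", "traditional DES crypt: 8-char passwords, 12-bit salt"
        if body.startswith("$"):
            return "crypt-modular", "modular crypt id " + body.split("$")[1]
        return "crypt", "unrecognised crypt format"
    return scheme, ""


def audit(text):
    """Return a sorted list of (dn, finding) tuples."""
    findings, by_hash, by_uidnum = [], defaultdict(list), defaultdict(list)
    for e in parse_ldif(text):
        dn = e.get("dn", ["<no dn>"])[0]
        for num in e.get("uidnumber", []):
            by_uidnum[num].append(dn)
        for pw in e.get("userpassword", []):
            scheme, note = classify(pw)
            if scheme in ("cleartext", "crypt-des"):
                findings.append((dn, f"{scheme}: {note}"))
            if scheme.startswith("crypt") and "locked" not in note:
                by_hash[pw].append(dn)
    for dns in by_hash.values():
        if len(dns) > 1:                              # identical salt and hash
            findings += [(dn, f"shares hash and salt with {len(dns) - 1} other account(s)")
                         for dn in dns]
    for num, dns in by_uidnum.items():
        if len(dns) > 1:
            findings += [(dn, f"uidNumber {num} shared by {len(dns)} entries") for dn in dns]
    return sorted(findings)


if __name__ == "__main__":
    for dn, finding in audit(SAMPLE_LDIF):
        print(f"{dn}: {finding}")
```

Identical {crypt} strings mean identical salt and password, so one recovered password opens every account that carries that value.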
4. Standard configuration files
MySQL authentication configuration example
ServerType standalone
DefaultServer on
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
Umask 022
# blocks we may want to add. For a simple server these don't need to
<Global>
SQLAuthTypes Plaintext
RequireValidShell off
</Global>
# at once, simply increase this value. Note that this ONLY works
# (such as xinetd)
MaxInstances 30
# Set the normal user and group permissions for the server.
User nobody
Group nogroup
<Directory /*>
AllowOverwrite on
</Directory>
<Anonymous ~ftp>
User ftp
Group ftp
MaxClients 10
DisplayLogin welcome.msg
DisplayFirstChdir .message
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
OpenLDAP authentication configuration example
ServerType standalone
DefaultServer on
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
Umask 022
<Global>
LDAPDoAuth on dc=xuser,dc=net
LDAPServer localhost
</Global>
# at once, simply increase this value. Note that this ONLY works
# (such as xinetd).
MaxInstances 30
# Set the user and group under which the server will run.
User nobody
Group nogroup
<Directory />
AllowOverwrite on
</Directory>
<Anonymous ~ftp>
User ftp
Group ftp
MaxClients 10
DisplayLogin welcome.msg
DisplayFirstChdir .message
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
# Include /usr/local/etc/mod_ldap.conf
OpenLDAP configuration file
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema
include /etc/openldap/schema/chen
include /etc/openldap/schema/posixAccount-objectclass
include /etc/openldap/schema/posixGroup-objectclass
#include /etc/openldap/schema/qmail_schema
#include /etc/openldap/slapd.info.oc.conf
#include /etc/openldap/slapd.account.oc.conf
#referral ldap://root.openldap.org
#pidfile //var/run/slapd.pid
#argsfile //var/run/slapd.args
#replogfile /var/lib/ldap/master-slapd.replog
# modulepath /usr/sbin/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# The next two lines allow use of TLS for connections using a dummy test
#TLSCertificateFile /usr/share/ssl/certs/slapd.pem
#TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
#######################################################################
#######################################################################
database ldbm
suffix "dc=xuser,dc=net"
rootdn "cn=Manager,dc=xuser,dc=net"
#rootdn "cn=Manager,dc=my-domain,dc=com"
rootpw secret
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
directory /var/lib/ldap
# Indices to maintain
index objectClass,uid,uidNumber,gidNumber,memberUid eq
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM
5. FAQ
Q: When running ftp localhost locally, after entering the username and password it takes a long time to get into the FTP server
A: ftp 127.0.0.1
500 FTP server shut down (going down at Tue Dec 17 19:00:00 2002) -- please try
again later.
ftp>
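Q: Logging in to the FTP server reports
Login failed.
I am sure the username and password I entered are absolutely correct
A: Many articles online are quite old, and many of the directives they use are no longer in use, for example: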
SQLAuthoritative ON
SQLDefaultGID 1001
SQLDefaultUID 1001
SQLDoAuth ON
SQLDoGroupAuth ON
SQLGidField gid
SQLGroupGIDField gid
SQLGroupMembersField members
SQLGroupTable ftpgroup
SQLGroupnameField groupname
SQLHomedirField homedir
SQLMinUserUID 400
SQLMinUserGID 400
SQLPasswordField passwd
SQLUidField uid
SQLUserTable ftpuser
SQLUsernameField userid
SQLLoginCountField count
########################################################
LDAPServer "localhost"
LDAPPrefix "dc=horde,dc=net"
LDAPDN "cn=thedn,dc=horde,dc=net"
LDAPDNPass "ldap_dnpass"
LDAPNegativeCache on
Chapter 35. Samba
Table of contents
install
smb.conf
Security consideration
by Example
share
user
test
nmblookup - NetBIOS over TCP/IP client used to lookup NetBIOS names
smbfs/smbmount/smbumount
smbclient - ftp-like client to access SMB/CIFS resources on servers
List shared directories
Access shared resources
User login
smbtar - shell script for backing up SMB/CIFS shares directly to UNIX tape drives
FAQ
smbd/service.c:make_connection_snum(1013)
install
Environment: ubuntu 8.10
Check the Samba server's ports
Firewall
neo@shenzhen:~$ iptables -L
iptables -L
smb.conf
security = share|user    share mode | user mode
comment = description
valid users = '%S' the logged-in user, 'neo' allows neo access
read only = 'No' read-write mode, 'Yes' read-only mode
browseable = 'No' hidden, 'Yes' shown
Security consideration
[global]
interfaces = lo, eth0
bind interfaces only = true
by Example
Back up the /etc/samba/smb.conf file:
share
security = share
[tmp]
comment = test
writable = yes
locking = yes
path = /tmp
public = yes
[neo]
comment = neo
writable = yes
locking = yes
path = /home/neo/
public = yes
[htdocs]
comment = neo
writable = yes
locking = yes
path = /opt/lampp/htdocs
public = yes
user
security = user
add user
enable
del user
test
Check that the configuration file is correct
$ testparm
List the shared directories
$ smbclient -L localhost -N
Server Comment
--------- -------
PRINTSERVER
UBUNTU ubuntu server (Samba, Ubuntu)
Workgroup Master
--------- -------
WORKGROUP PRINTSERVER
Windows access test
共享名 类型 使用为 注释
----------------------------------------------------------
developer Disk Development
命令运行完毕,但发生一个或多个错误。
$ nmblookup -A 172.16.0.5
Looking up status of 172.16.0.5
USER <00> - B <ACTIVE>
WORKGROUP <00> - <GROUP> B <ACTIVE>
USER <20> - B <ACTIVE>
WORKGROUP <1e> - <GROUP> B <ACTIVE>
WORKGROUP <1d> - B <ACTIVE>
..__MSBROWSE__. <01> - <GROUP> B <ACTIVE>
smbfs/smbmount/smbumount
smbmount
Log in with the neo account
mount
smbclient - ftp-like client to access SMB/CIFS resources on servers
List shared directories
$ smbclient -L 172.16.1.3
Server Comment
--------- -------
DEBIAN debian server
NETKILLER netkiller server (Samba, Ubuntu)
Workgroup Master
--------- -------
WORKGROUP DEBIAN
Access shared resources
Access the developer share
$ smbclient //localhost/developer
User login
Log in as user Neo
smbtar - shell script for backing up SMB/CIFS shares directly to UNIX tape drives
FAQ
smbd/service.c:make_connection_snum(1013)
'/www' does not exist or permission denied when connecting to [www] Error was
Permission denied
[2010/05/17 17:26:08, 0] smbd/service.c:make_connection_snum(1013)
'/www' does not exist or permission denied when connecting to [www] Error was
Permission denied
[2010/05/17 17:26:08, 0] smbd/service.c:make_connection_snum(1013)
'/www' does not exist or permission denied when connecting to [www] Error was
Permission denied
[2010/05/17 17:26:11, 0] smbd/service.c:make_connection_snum(1013)
'/www' does not exist or permission denied when connecting to [www] Error was
Permission denied
[2010/05/17 17:26:13, 0] smbd/service.c:make_connection_snum(1013)
'/www' does not exist or permission denied when connecting to [www] Error was
Permission denied
[2010/05/17 17:26:13, 0] smbd/service.c:make_connection_snum(1013)
'/www' does not exist or permission denied when connecting to [www] Error was
Permission denied
[2010/05/17 17:26:13, 0] smbd/service.c:make_connection_snum(1013)
'/www' does not exist or permission denied when connecting to [www] Error was
Permission denied
[2010/05/17 17:26:13, 0] smbd/service.c:make_connection_snum(1013)
'/www' does not exist or permission denied when connecting to [www] Error was
Permission denied
Disable SELinux
Chapter 36. File Synchronize
Procedure 36.1. rsync
1. Install rsync
Find rsync-2.5.6-20.i386.rpm on the second AS3 CD
2. Configure /etc/rsyncd.conf
On rh9 and as3, installing rsync does not create rsyncd.conf; you have to create it yourself
uid=nobody
gid=nobody
max connections=5
use chroot=no
log file=/var/log/rsyncd.log
pid file=/var/run/rsyncd.pid
lock file=/var/run/rsyncd.lock
#auth users=root
secrets file=/etc/rsyncd.passwd
[postfix]
path=/var/mail
comment = backup mail
ignore errors
read only = yes
list = no
auth users = postfix
[netkiller]
path=/home/netkiller/web
comment = backup 9812.net
ignore errors
read only = yes
list = no
auth users = netkiller
[pgsqldb]
path=/var/lib/pgsql
comment = backup postgresql database
ignore errors
read only = yes
list = no
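a. Option descriptions
uid = nobody
gid = nobody
use chroot = no # do not use chroot
max connections = 4 # at most 4 connections
pid file = /var/run/rsyncd.pid # process ID file
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log # log file
secrets file = /etc/rsyncd.pwd # authentication file, mainly holds user passwords; recommended mode 600, owner root
[module] # the authenticated module name; the client must specify it
path = /var/mail # the directory to mirror
comment = backup xxxx # comment
ignore errors # ignore some irrelevant IO errors
read only = yes # read-only
list = no # do not allow listing
auth users = postfix # authenticated user names; without this line the module is anonymous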
[other]
path = /path/to...
comment = xxxxx
b. Password file
On the server, create a password file /etc/rsyncd.pwd
c. Start the rsync daemon
3. Add to the startup file
echo "rsync --daemon" >> /etc/rc.d/rc.local
[ OK ]
1. installation
2. enable
RSYNC_ENABLE=true
3. config /etc/rsyncd.conf
uid=nobody
gid=nobody
max connections=5
use chroot=no
pid file=/var/run/rsyncd.pid
lock file=/var/run/rsyncd.lock
log file=/var/log/rsyncd.log
#auth users=root
secrets file=/etc/rsyncd.secrets
[neo]
path=/home/neo/www
comment = backup neo
ignore errors
read only = yes
list = no
auth users = neo
[netkiller]
path=/home/netkiller/public_html
comment = backup netkiller
ignore errors
read only = yes
list = no
auth users = netkiller
[mirror]
path=/var/www/netkiller.8800.org/html/
comment = mirror netkiller.8800.org
exclude = .svn
ignore errors
read only = yes
list = yes
[music]
path=/var/music
comment = backup music database
ignore errors
read only = yes
list = no
[pgsqldb]
path=/var/lib/pgsql
comment = backup postgresql database
ignore errors
read only = yes
list = no
auth users = neo,netkiller
4. /etc/rsyncd.secrets
neo:123456
netkiller:123456
5. start
6. test
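The rsyncd.conf settings in this procedure (auth users, secrets file, use chroot, read only, list) can be checked mechanically. The following Python script is an added example, not part of the original handbook: it parses an rsyncd.conf, applies global values as module defaults, and reports anonymous modules, disabled chroot, writable or listed modules, and a secrets file that other users can access. SAMPLE_CONF is constructed, shortened from the configuration above.

```python
"""Audit an rsyncd.conf for the settings discussed above (added example)."""
import os
import stat

# Constructed sample, shortened from the configuration shown in this chapter.
SAMPLE_CONF = """\
uid=nobody
gid=nobody
use chroot=no
secrets file=/etc/rsyncd.secrets

[neo]
path=/home/neo/www
read only = yes
list = no
auth users = neo

[mirror]
path=/var/www/netkiller.8800.org/html/
read only = yes
list = yes

[pgsqldb]
path=/var/lib/pgsql
read only = yes
list = no
"""

# rsync's built-in defaults for the parameters checked here.
DEFAULTS = {"usechroot": "yes", "readonly": "yes", "list": "yes",
            "authusers": "", "secretsfile": ""}


def parse_rsyncd_conf(text):
    """Return (globals, {module: params}); names are lower-cased, spaces removed."""
    glob, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
            continue
        name, sep, value = line.partition("=")       # only the first '=' counts
        if not sep:
            continue                                   # e.g. a bare "ignore errors"
        key = "".join(name.split()).lower()
        (glob if current is None else current)[key] = value.strip()
    return glob, modules


def is_true(value):
    return value.strip().lower() in ("yes", "true", "1")


def check_secrets_file(path):
    """Return a finding if the secrets file is missing or accessible to 'other'."""
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except OSError:
        return f"secrets file {path} not found on this host"
    if mode & 0o007:
        return f"secrets file {path} has mode {mode:04o}; use 600 owned by root"
    return None


def audit(text, check_files=False):
    """Return a list of (module, finding) tuples."""
    glob, modules = parse_rsyncd_conf(text)
    findings = []
    for name, params in modules.items():
        eff = {**DEFAULTS, **glob, **params}           # module overrides global
        if not eff["authusers"]:
            findings.append((name, f"no 'auth users': anonymous access to {eff.get('path', '?')}"))
        elif not eff["secretsfile"]:
            findings.append((name, "'auth users' set but no 'secrets file'"))
        elif check_files:
            problem = check_secrets_file(eff["secretsfile"])
            if problem:
                findings.append((name, problem))
        if not is_true(eff["usechroot"]):
            findings.append((name, "use chroot = no: transfers are not confined by chroot"))
        if not is_true(eff["readonly"]):
            findings.append((name, "module is writable"))
        if is_true(eff["list"]):
            findings.append((name, "module name is listed to any client"))
    return findings


if __name__ == "__main__":
    for module, finding in audit(SAMPLE_CONF):
        print(f"[{module}] {finding}")
```

On the sample, [pgsqldb] is reported as anonymous: without an auth users line, any client that can reach the daemon can read /var/lib/pgsql.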
firewall
upload
for example:
download
mirror
rsync usage
rsync rsync://auth-user@host/module
2. skipping directory
4. backup
backup-dir
5. update
6. --archive
7. --compress
8. --delete
src
svn@netkiller:~$ ls src/
dir1 dir2 file1 file2 file3
dest
src
dest
rsync examples
http://samba.anu.edu.au/rsync/examples.html
Example 36.1. examples
#!/bin/sh
# This script does personal backups to a rsync backup server. You will end up
# with a 7 day rotating incremental backup. The incrementals will go
# into subdirectories named after the day of the week, and the current
# full backup goes into a directory called "current"
# tridge@linuxcare.com
# directory to backup
BDIR=/home/$USER
# excludes file - this contains a wildcard pattern per line of files to exclude
EXCLUDES=$HOME/cron/excludes
########################################################################
BACKUPDIR=`date +%A`
OPTS="--force --ignore-errors --delete-excluded --exclude-from=$EXCLUDES
--delete --backup --backup-dir=/$BACKUPDIR -a"
export PATH=$PATH:/bin:/usr/bin:/usr/local/bin
#!/bin/sh
export PATH=/usr/local/bin:/usr/bin:/bin
for d in $LIST; do
mount /backup/$d
rsync -ax --exclude fstab --delete /$d/ /backup/$d/
umount /backup/$d
done
DAY=`date "+%A"`
The first part does the backup on the spare disk. The second part
backs up the critical parts to daily directories. I also backup the
critical parts using a rsync over ssh to a
remote machine.
#!/bin/bash
cd /var/www/cvs/vger/
PATH=/usr/local/bin:/usr/freeware/bin:/usr/bin:/bin
sum1=`sum $HOME/ChangeLog`
sum2=`sum /var/www/cvs/vger/CVSROOT/ChangeLog`
I use rsync to back up my wife's home directory across a modem link each
night. The cron job looks like this
#!/bin/sh
cd ~susan
{
echo
date
dest=~/backup/`date +%A`
mkdir $dest.new
find . -xdev -type f \( -mtime 0 -or -mtime 1 \) -exec cp -aPv "{}" $dest.new \;
note that most of this script isn't anything to do with rsync, it just
creates a daily backup of Susan's work in a ~susan/backup/ directory so
she can retrieve any version from the last week. The last line does
the rsync of her directory across the modem link to the host
samba. Note that I am using the -C option which allows me to add
entries to .cvsignore for stuff that doesn't need to be
backed up.
One little known feature of rsync is the fact that when run over a
remote shell (such as rsh or ssh) you can give any shell command as
the remote file list. The shell command is expanded by your remote
shell before rsync is called. For example, see if you can work out
what this does:
http://www.rsync.net/resources/howto/windows_rsync.html
tsync
homepage: http://tsyncd.sourceforge.net/
Unison File Synchronizer
homepage: http://www.cis.upenn.edu/~bcpierce/unison/
installation
local
dir to dir
remote
ssh
socket
target host
source host
config
vim ~/.unison/config.prf
root = /var/www
root = ssh://netkiller@netkiller.8800.org//var/www
force = /var/www
ignore = Path templates_compiled
ignore = Name tmp/*.pdf
auto = true
log = true
logfile = /home/netkiller/.unison/netkiller.8800.org.log
server
1. installation
$ cat /etc/inetd.conf
csync2 stream tcp nowait root /usr/sbin/csync2 csync2 -i
If you are indeed using xinetd, you will have to convert the above into /etc/xinetd.conf format, and add it
manually.
service csync2
{
disable = no
protocol = tcp
socket_type = stream
wait = no
user = root
server = /usr/sbin/csync2
server_args = -i
}
/etc/services
3. After having done everything, we are now going to configure Csync2 so that we can determine which files are
going to be synchronized.
For this example, we are going to synchronize /etc/apache2 and /etc/mysql. For that we open /etc/csync2.cfg and
we configure it like this:
key /etc/csync2_ssl_cert.key;
include /etc/apache2/;
include /home/neo;
backup-directory /var/backups/csync2;
backup-generations 3;
auto none; #no automatic sync
}
4. hosts
5. restart
node
Procedure 36.4. node
2. install
4. restart
test
Procedure 36.5. testing
1. master
2. node
neo@slave:/etc/apache2$ ls test.master -l
-rw-r--r-- 1 root root 0 2008-10-31 06:37 test.master
Advanced Configuration
Example 36.7. /etc/csync2.cfg
group www {
host master;
host (slave);
key /etc/csync2_ssl_cert.key;
include /etc/apache2/;
include /etc/csync2.cfg;
include /var/www;
include %homedir%/neo;
exclude %homedir%/neo/temp;
exclude *~ .*;
action
{
pattern /etc/apache2/httpd.conf;
pattern /etc/apache2/sites-available/*;
exec "/usr/sbin/apache2ctl graceful";
logfile "/var/log/csync2_action.log";
do-local;
}
backup-directory /var/backups/csync2;
backup-generations 3;
auto none;
}
prefix homedir
{
on *: /home;
}
Accounts
Volumes
RAID
iSCSI
Quota
Shares
Openfiler is a powerful, intuitive browser-based network storage software distribution. Openfiler delivers file-
based Network Attached Storage and block-based Storage Area Networking in a single framework.
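Openfiler official website
1. Log in to the management interface
https://<ip address>:446/
The initial account and password are: openfiler/password
2. First, change the default password
Accounts->Admin Password
Click Submit
Accounts
● User authentication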
openfiler.ldif
dn: ou=people,dc=bg7nyt,dc=cn
ou: people
objectClass: organizationalUnit
dn: ou=Idmap,dc=bg7nyt,dc=cn
ou: Idmap
objectClass: organizationalUnit
Add the people organizational unit
a. Accounts->Authentication
Use LDAP: checked
Server: ldap.bg7nyt.cn
Base DN: dc=bg7nyt,dc=cn
Root bind DN: cn=root,dc=bg7nyt,dc=cn
Root bind Password: your password
b. Services->LDAP Settings
● Services->Enable/Disable
● Accounts->Account Administration
i. Group Administration
Username: user name
Password: password
Retype password: confirm the password
Primary Group: user group
View the organizational unit: ou=people,dc=bg7nyt,dc=cn
# people, bg7nyt.cn
dn: ou=people,dc=bg7nyt,dc=cn
ou: people
objectClass: organizationalUnit
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
Volumes
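● Volume management [Volumes]
I ran this experiment in VMware; just add some disks to the virtual machine.
Openfiler is installed on /dev/sda. /dev/sda does not need much space and is dedicated to Openfiler. RAID 1 is recommended (a hardware RAID card or the RAID provided by the server motherboard).
The other disks are used for storage. If possible, put them in hardware RAID as well; otherwise software RAID can be set up in Openfiler.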
Mode: Primary
Partition Type: [Physical volume] / [RAID array member]
Starting cylinder: 1
Ending cylinder Size: 1044
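Size: generated automatically
Click "Create" to create the partition
Unless you have a special need, there is no need to create multiple partitions.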
Device Type Number Start cyl End cyl Blocks Size Type Delete
/dev/sdb1 Linux Physical Volume (0x8e) 1 1 10 78831 76.98 MB Primary Delete
/dev/sdb2 Linux Physical Volume (0x8e) 2 10 100 721920 705.00 MB Primary Delete
/dev/sdb3 Linux Physical Volume (0x8e) 3 100 200 801792 783.00 MB Primary Delete
/dev/sdb4 Linux Physical Volume (0x8e) 4 200 300 802816 784.00 MB Primary Delete
/dev/sdb5 Linux Physical Volume (0x8e) 5 300 400 801792 783.00 MB Primary Delete
Fine for emergency use; not recommended for long-term use.
Volume Group Name Size Allocated Free Members Add physical storage Delete VG
vg0 15.94 GB 0 bytes 15.94 GB View member PVs Add PVs Delete
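Tick the checkbox in front of the partition list
Click [Submit]
Select the VG
Create a volume
Volume Name: volume name
Volume Description: description
Required Space (MB): quota
Filesystem type: file system
Click the [Create] button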
RAID
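Openfiler provides software RAID.
Click the [Create] button to create the RAID group members
Click [Add array] to create the RAID
Once the RAID is created, you can create volume groups and volumes
RAID 6 uses two parity disks and needs at least 4 disks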
iSCSI
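Click the [Create] button
Click the [Update] button
Click the [Update] button
The default is Deny; change it to Allow
Click the Discovery tab
Click the [ Add ] button
Click the [ OK ] button
Click the Targets tab
Click the [ OK ] button
Initiator setup is complete
Initialize the disk
Select the disk
Once initialization completes and the red icon disappears, you can partition the disk, mount volumes and format.
Using iSCSI is exactly like using a local disk.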
Quota
Note
Some file systems do not support Quota
Click the [Change] button
Click the [Apply] button
Shares
● Shares
Click the link in the list.
Click the [Change] button to modify
Group permission restrictions
Click the [Update] button
Host access permission configuration
Click the [Update] button
Chapter 38. Backup / Restore
Table of contents
Simple Backup
Bacula, the Open Source, Enterprise ready, Network Backup Tool for Linux, Unix, Mac and
Windows.
Amanda: Open Source Backup
Simple Backup
tar
# Server
$ tar cf - win98 | nc -l -p 5555
# Backup Machine
nc server_ip/server_domain_name 5555 | tar xf -
Bacula, the Open Source, Enterprise ready, Network Backup Tool for Linux, Unix, Mac and Windows.
Amanda: Open Source Backup
Amanda is the most popular open source backup and recovery software in the world. Amanda
protects more than half a million of servers and desktops running various versions of Linux,
UNIX, BSD, Mac OS-X and Microsoft Windows operating systems worldwide.
Chapter 39. inotify
Table of contents
inotify-tools
Incron - cron-like daemon which handles filesystem events
inotify-tools + rsync
pyinotify
$ ls -ld /proc/sys/fs/inotify/*
inotify-tools
Installation
inotifywait -r -m $HOME
Monitoring the login process
/home/neo/ OPEN,ISDIR
/home/neo/ CLOSE_NOWRITE,CLOSE,ISDIR
/home/neo/ OPEN,ISDIR
/home/neo/ CLOSE_NOWRITE,CLOSE,ISDIR
/home/neo/ OPEN helloworld.txt
/home/neo/ ACCESS helloworld.txt
/home/neo/ CLOSE_NOWRITE,CLOSE helloworld.txt
/home/neo/ OPEN,ISDIR
/home/neo/ CLOSE_NOWRITE,CLOSE,ISDIR
/home/neo/ OPEN,ISDIR
/home/neo/ CLOSE_NOWRITE,CLOSE,ISDIR
/home/neo/ DELETE helloworld.txt
inotify-tools + rsync
1. -m keeps listening continuously
2. -r watches directories recursively
3. -q (quiet) suppresses status messages so that only the events are printed
4. -e create,move,delete,modify listens for create, move, delete and write events
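#!/bin/sh
# A slightly complex but actually useful example
# %f is the bare file name, so with -r this is only correct for files directly in /home/billy.
# read -r keeps backslashes literal; quoting keeps file names with spaces in one argument.
inotifywait -mrq --timefmt '%d/%m/%y %H:%M' --format '%T %f' \
    -e close_write /home/billy | while read -r date time file; do
    rsync "/home/billy/${file}" "rsync://billy@example.com/backup/${file}" && \
        echo "At ${time} on ${date}, file ${file} was backed up via rsync"
done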
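# monitor path
monitor_path=cms
# inotifywait path
INOTIFYWAIT=inotifywait
# images and html are handler functions that are not shown here.
# The event list is printed first so that a path containing spaces stays in one variable.
$INOTIFYWAIT -mrq --event close_write --format '%e %w%f' "$monitor_path" | while read -r event file; do
    if [ "$event" = "CLOSE_WRITE,CLOSE" ]; then
        # extension = text after the last dot (a path may contain other dots)
        ext=${file##*.}
        if [ "$ext" = 'jpg' ]; then
            images "$file"
        fi
        if [ "$ext" = 'html' ]; then
            html "$file"
        fi
    fi
done &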
pyinotify
Chapter 40. Distributed Filesystem
The lab requires two computers. If you do not have them, use VMware and add two disks to each virtual machine.
Lab environment
check partition
format /dev/sdb1
reiserfs
Installation
installation
configure
edit /etc/drbd.conf
global {
usage-count yes;
}
common {
protocol C;
}
resource r0 {
on master {
device /dev/drbd0;
disk /dev/sdb5;
address 192.168.0.1:7789;
meta-disk internal;
}
on slave {
device /dev/drbd0;
disk /dev/sdb5;
address 10.1.1.32:7789;
meta-disk internal;
}
}
Starting
master
slave
status
Using
master
slave
Coda
GlusterFS
http://www.gluster.org/
MogileFS
http://www.danga.com/mogilefs/
Lustre
Hadoop - HDFS
http://hadoop.apache.org/
java
$ cd /usr/local/src/
$ wget http://apache.etoak.com/hadoop/core/hadoop-0.20.0/hadoop-0.20.0.tar.gz
$ tar zxvf hadoop-0.20.0.tar.gz
$ sudo cp -r hadoop-0.20.0 ..
$ sudo ln -s hadoop-0.20.0 hadoop
$ cd hadoop
2. Configuration
hadoop-env.sh
$ vim conf/hadoop-env.sh
export JAVA_HOME=/usr
conf/core-site.xml
$ vim conf/core-site.xml
<configuration>
<property>
<name>fs.default.name</name>
<value>hdfs://localhost:9000</value>
</property>
</configuration>
conf/hdfs-site.xml
$ vim conf/hdfs-site.xml
<configuration>
<property>
<name>dfs.replication</name>
<value>1</value>
</property>
</configuration>
conf/mapred-site.xml
$ vim conf/mapred-site.xml
<configuration>
<property>
<name>mapred.job.tracker</name>
<value>localhost:9001</value>
</property>
</configuration>
Now check that you can ssh to the localhost without a passphrase:
$ ssh localhost
If you cannot ssh to localhost without a passphrase, execute the following commands:
$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
4. Execution
5. Monitor
Browse the web interface for the NameNode and the JobTracker; by default they are available at:
● NameNode - http://localhost:50070/
● JobTracker - http://localhost:50030/
6. Test
1. SSH
2. Hadoop
41. System
pmap - report memory map of a process
Webmin
logwatch
nmon
nulog
42. Network
Cacti
Nagios
BIG BROTHER
Bandwidth
OpenNMS
43. Web
awstats
webalizer
44. Zenoss
45. Ganglia
Chapter 41. System
# pmap -d PID
Webmin
Website
http://www.webmin.com/
1. Debian Package
2. Commands:
3. script
logwatch
http://www.logwatch.org/
1. Install
Ubuntu 7.10
apt-get install
mail to
Crontab
#Check if removed-but-not-purged
test -x /usr/share/logwatch/scripts/logwatch.pl || exit 0
#execute
/usr/sbin/logwatch
logwatch --print
nmon
http://nmon.sourceforge.net/
Example 41.1. nmon
nulog
Example 41.2. config.php
Chapter 42. Network
Table of contents
Cacti
Nagios
BIG BROTHER
Bandwidth
OpenNMS
Cacti
Cacti is a complete network graphing solution designed to harness the power of RRDTool's
data storage and graphing functionality. Cacti provides a fast poller, advanced graph
templating, multiple data acquisition methods, and user management features out of the box.
All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized
installations up to complex networks with hundreds of devices.
homepage: http://www.cacti.net/
Cacti requires MySQL, PHP, RRDTool, net-snmp, and a webserver that supports PHP such as
Apache.
1. wget http://www.cacti.net/downloads/cacti-0.8.7b.tar.gz
2. tar zxvf cacti-0.8.7b.tar.gz
3. mv cacti-0.8.7b /home/netkiller/public_html/cacti
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cactiuser";
$database_password = "somepassword";
$database_port = "3306";
9. crontab -e
or
/etc/crontab
configure cacti
http://your-server/cacti/
Nagios
homepage: http://www.nagios.org/
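Nagios is open-source monitoring software that scans hosts, services and networks for
problems. The main difference between Nagios and similar packages is that Nagios reduces
all information to "working", "questionable" and "failure" states, and that Nagios supports
a very rich "ecosystem" of plugins. These features let users install it effectively without
worrying too much about the details, while it provides only the information they need.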
install
Create a new nagcmd group for allowing external commands to be submitted through the web
interface. Add both the nagios user and the apache user to the group.
$ groupadd nagcmd
$ sudo usermod -a -G nagcmd nagios
$ sudo usermod -a -G nagcmd www-data
$ cat /etc/group
nagcmd:x:1003:nagios,www-data
reload apache
NagiosChecker
BIG BROTHER
waiting ...
Bandwidth
http://bandwidthd.sourceforge.net/
OpenNMS
http://www.opennms.org/
Chapter 43. Web
Table of contents
awstats
webalizer
awstats
http://sourceforge.net/projects/awstats/
1. install
2. configure
LogFile="/home/netkiller/logs/access_log"
SiteDomain="netkiller.8800.org"
or
# cd /usr/share/doc/awstats/examples/
#/usr/share/doc/awstats/examples$ perl awstats_configure.pl
3. apache
http://netkiller.8800.org/awstats/awstats.pl
5. Generating the First Stats
If we check the file installed by awstats and search for the word cron using the following command line:
7. Web test
http://netkiller.8800.org/awstats/awstats.pl
http://netkiller.8800.org/awstats/awstats.pl?config=other.8800.org
webalizer
What is Webalizer?
The Webalizer is a fast, free web server log file analysis program. It produces highly detailed, easily
configurable usage reports in HTML format, for viewing with a standard web browser
1. install webalizer
2. config
LogFile /home/netkiller/logs/access.log
OutputDir /home/netkiller/public_html/webalizer
3. crontab
/etc/cron.daily/webalizer
# This script just runs webalizer against all .conf files in the /etc/webalizer directory
WEBALIZER=/usr/bin/webalizer
WEBALIZER_CONFDIR=/etc/webalizer
[ -x ${WEBALIZER} ] || exit 0;
[ -d ${WEBALIZER_CONFDIR} ] || exit 0;
for i in ${WEBALIZER_CONFDIR}/*.conf; do
# run against a rotated or normal logfile
LOGFILE=`awk '$1 ~ /^LogFile$/ {print $2}' $i`;
# empty ?
[ -s "${LOGFILE}" ] || continue;
# readable ?
[ -r "${LOGFILE}" ] || continue;
4. initialization
sudo /usr/bin/webalizer
5. http://netkiller.8800.org/webalizer/
Chapter 44. Zenoss
http://www.linuxjournal.com/article/10070
Chapter 45. Ganglia
Ganglia is an open-source project that provides a free, scalable distributed monitoring
system for high-performance computing systems such as clusters and grids.
waiting ...
Part VI. Cluster / Load Balancing
Chapter 46. Linux Virtual Server
Environment setup
VS/NAT
VS/TUN
VS/DR
Configuration files
ipvsadm script
debug
ipvsadm monitor
Session
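When the persistent service (the -p option) is used to support HTTP sessions, requests from
the same IP address are sent to the same server. In that case all requests generated by a
single ab run are scheduled to one server, which defeats the purpose of a performance test.
In production, the persistence time is usually set to several hours. When ldirectord detects
a failed application server and removes it from the list, connections that were already
established continue to be forwarded to that machine. This is indeed the behaviour: IPVS does
not immediately expire a server that has just been removed, because a server removed for being
too busy may be added back soon. If you need connections to a removed server to expire
immediately, use echo 1 > /proc/sys/net/ipv4/vs/expire_nodest_conn. There is no need to worry
about the memory consumed by connection records: one connection takes only 128 bytes, so 512M
of available memory can hold four million connections. Consider a distributed testing tool,
or run ab from several machines at once.
Environment setup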
ssh
network
install ipvsadm
neo@ubuntu:~$
test
VS/NAT
ip_forward
sysctl -w net.ipv4.ip_forward=1
or
echo 1 > /proc/sys/net/ipv4/ip_forward
or
edit /etc/sysctl.conf and make sure it contains the following line:
net.ipv4.ip_forward = 1
Then run:
sysctl -p
iptables
ipvsadm
VS/TUN
Director
ifconfig
[root@centos etc]#
route
ipvsadm
realserver
script
ifconfig
neo@master:~$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:CC:CF:A2
inet addr:172.16.0.10 Bcast:172.16.255.255 Mask:255.255.0.0
inet6 addr: fe80::20c:29ff:fecc:cfa2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5006 errors:0 dropped:0 overruns:0 frame:0
TX packets:4692 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
neo@master:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.16.0.0 * 255.255.0.0 U 0 0 0 eth0
default 172.16.0.254 0.0.0.0 UG 0 0 0 eth0
neo@master:~$
VS/DR
VS/DR works by rewriting the MAC address portion of the request packet.
The Director and the RealServers must each have a network card physically connected through an uninterrupted LAN.
Director
VIP:172.16.0.1
ipvsadm
#!/bin/bash
ipvsadm -C
ipvsadm -A -t 172.16.0.1:80 -s wlc
ipvsadm -a -t 172.16.0.1:80 -r 172.16.0.10 -g
ipvsadm -a -t 172.16.0.1:80 -r 172.16.0.20 -g
ipvsadm -a -t 172.16.0.1:80 -r 172.16.0.30 -g
script
RealServer
Ubuntu
script
redhat
test
Configuration files
Director
ifconfig
neo@ubuntu:~$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:C2:FC:D7
inet addr:172.16.0.250 Bcast:172.16.255.255 Mask:255.255.0.0
inet6 addr: fe80::20c:29ff:fec2:fcd7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8566 errors:0 dropped:0 overruns:0 frame:0
TX packets:11544 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:726365 (709.3 KiB) TX bytes:2638735 (2.5 MiB)
Interrupt:177 Base address:0x1400
neo@ubuntu:~$
ipvsadm
RealServer
ifconfig
neo@ubuntu:~$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:CC:CF:A2
inet addr:172.16.0.20 Bcast:172.16.255.255 Mask:255.255.0.0
inet6 addr: fe80::20c:29ff:fecc:cfa2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1897 errors:0 dropped:0 overruns:0 frame:0
TX packets:1511 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:229334 (223.9 KiB) TX bytes:205973 (201.1 KiB)
Interrupt:177 Base address:0x1400
neo@ubuntu:~$
ipvsadm script
save/restore
Synchronization
#sync daemon.
ipvsadm --start-daemon=master --mcast-interface=eth1
ipvsadm --start-daemon=backup --mcast-interface=eth1
cancel
debug
Correct IP packets
ipvsadm monitor
monitor.py
#!/usr/bin/env python3
"""Export the IPVS table printed by ipvsadm to vs.xml and publish it with vs.xsl."""
import re
import shutil
import subprocess

IPVSADM = '/sbin/ipvsadm'


class Ipvs:
    """One virtual service (a TCP/UDP line of the ipvsadm listing)."""

    def __init__(self):
        self.types = ''
        self.vip = '0.0.0.0'
        self.vport = '0'
        self.scheduler = ''
        self.nodes = []


class Node:
    """One real server (a '->' line); every field is kept as a string."""

    def __init__(self, node):
        (self.nip, self.nport, self.forward,
         self.weight, self.active, self.inact) = node


class Monitor:
    def __init__(self):
        # Instance attributes: a class-level list or dict would be shared by all instances.
        self.buffer = ['<?xml version="1.0"?>',
                       '<?xml-stylesheet type="text/xsl" href="vs.xsl"?>']
        self.ipvsdict = {}

    def clear(self):
        self.buffer = []
        self.ipvsdict = {}

    def make(self):
        self.buffer.append('<ipvs>')
        for ipvs in self.ipvsdict.values():
            self.node(ipvs.nodes, ipvs.vip + ':' + ipvs.vport + ' ' + ipvs.scheduler)
        self.buffer.append('</ipvs>')

    def header(self, vs):
        # "--" is not allowed inside an XML comment, so the rule is drawn with "=".
        self.buffer.append('<!-- ======================================= -->')

    def node(self, nodes, caption):
        # Every value was matched by [0-9.]+, \w+ or \d+ in ipvslist(),
        # so none of them can contain XML metacharacters.
        self.buffer.append('<table>')
        self.buffer.append('<caption>' + caption + '</caption>')
        for node in nodes:
            self.buffer.append('<node>')
            self.buffer.append('<nip>' + node.nip + '</nip>')
            self.buffer.append('<nport>' + node.nport + '</nport>')
            self.buffer.append('<forward>' + node.forward + '</forward>')
            self.buffer.append('<weight>' + node.weight + '</weight>')
            self.buffer.append('<active>' + node.active + '</active>')
            self.buffer.append('<inact>' + node.inact + '</inact>')
            self.buffer.append('</node>')
        self.buffer.append('</table>')

    def display(self):
        for buf in self.buffer:
            print(buf)

    def saveAs(self, filename):
        with open(filename, 'w') as f:
            for buf in self.buffer:
                f.write(buf + '\n')

    def save(self):
        self.saveAs('vs.xml')

    def ipvslist(self):
        # ipvsadm needs root; check=True raises CalledProcessError if it fails.
        listing = subprocess.run([IPVSADM], stdout=subprocess.PIPE,
                                 universal_newlines=True, check=True).stdout
        # Skip the version line and the two column-header lines.
        lines = listing.splitlines()[3:]
        cp_vs = re.compile(r'(\w+)\s+([0-9.]+):(\w+)\s+(\w+)')
        cp_node = re.compile(r'\s->\s([0-9.]+):(\w+)\s+(\w+)\s+(\d+)\s+(\d+)\s+(\d+)')
        current_vs = ''
        for line in lines:
            if line[:3] in ('TCP', 'UDP'):
                match = cp_vs.search(line)
                if match is None:
                    # Not a numeric address (e.g. shown as a host name): skip this service.
                    current_vs = ''
                    continue
                current_vs = line
                ipvs = Ipvs()
                ipvs.types, ipvs.vip, ipvs.vport, ipvs.scheduler = match.groups()
                self.ipvsdict[current_vs] = ipvs
            elif line[2:4] == '->':
                match = cp_node.search(line)
                if match is None or current_vs not in self.ipvsdict:
                    continue
                self.ipvsdict[current_vs].nodes.append(Node(match.groups()))


class Network:
    interface = []

    def __init__(self):
        pass

    def hostname(self):
        pass


class Ipvsadmin:
    cmdline = ''
    vscache = []
    forward = {'nat': '', 'route': '', 'tunel': ''}


class Deploy:
    def __init__(self):
        self.src = ['vs.xml', 'vs.xsl']
        self.dst = ''

    def target(self, dst):
        self.dst = dst

    def start(self):
        try:
            for srcfile in self.src:
                shutil.copy(srcfile, self.dst)
        except OSError as why:
            print("Can't copy %r to %r: %s" % (self.src, self.dst, why))


def main():
    xml = Monitor()
    xml.ipvslist()
    xml.make()
    #xml.display()
    xml.save()
    #xml.saveAs('/var/www/vs.xml')
    deploy = Deploy()
    deploy.target('/var/www')
    deploy.start()


if __name__ == "__main__":
    main()
ipvs.xsl
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="html"/>
<xsl:template match="/">
  <html>
    <head>
      <title><xsl:value-of select="ipvs/table/caption"/></title>
    </head>
    <body>
      <xsl:apply-templates/>
    </body>
  </html>
</xsl:template>
<xsl:template match="/ipvs">
  <xsl:for-each select="table">
    <table width="90%" border="1" cellspacing="0" cellpadding="5" bgcolor="E0F0FF"
           align="center" bordercolor="4FA7FF">
      <caption><xsl:value-of select="caption"/></caption>
      <xsl:for-each select="node">
        <tr>
          <td><xsl:value-of select="nip"/></td>
          <td><xsl:value-of select="nport"/></td>
          <td><xsl:value-of select="forward"/></td>
          <td><xsl:value-of select="weight"/></td>
          <td><xsl:value-of select="active"/></td>
          <td><xsl:value-of select="inact"/></td>
        </tr>
      </xsl:for-each>
    </table>
    <br />
  </xsl:for-each>
</xsl:template>
<xsl:template match="chapter/title">
  <center><h1>
    <xsl:apply-templates/>
  </h1>
  </center>
  <hr />
</xsl:template>
<xsl:template match="ulink">
  <a href="{@url}" border="0" >
    <xsl:apply-templates/> </a> <br />
</xsl:template>
<!--
<xsl:apply-templates select="title"/><br />
<xsl:for-each select="setp">
</xsl:for-each>
-->
</xsl:stylesheet>
Chapter 47. keepalived
Contents
Installation
test
Website: http://www.keepalived.org/
http://www.lvwnet.com/vince/linux/Keepalived-LVS-NAT-Director-ProxyArp-Firewall-HOWTO.html
http://www.keepalived.org/LVS-NAT-Keepalived-HOWTO.html
http://archive.linuxvirtualserver.org/html/lvs-users/2002-12/msg00189.html
http://www.linuxvirtualserver.org/docs/ha/keepalived.html
Installation
Two servers with Ubuntu already installed
Install ssh on each of them so that you can log in with PuTTY
install keepalived
Configure keepalived.conf
Example 47.1. keepalived.conf
vrrp_sync_group VG1 {
    group {
        VI_1
        VI_2
    }
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        # Placeholder password; VRRP PASS authentication is sent in cleartext on the LAN.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.16.0.1
    }
}
vrrp_instance VI_2 {
    state MASTER
    interface eth1
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.18.1.254
    }
}
virtual_server 172.16.0.1 80 {
    delay_loop 6
    lb_algo wlc
    lb_kind NAT
    persistence_timeout 600
    protocol TCP
    real_server 172.16.0.2 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 3
        }
    }
    real_server 172.16.0.3 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 3
        }
    }
    real_server 172.16.0.4 80 {
        weight 100
        TCP_CHECK {
            connect_timeout 3
        }
    }
}
enable ip_forward
Starting keepalived
virtual_ipaddress
test
Log
Keepalived log locations
Debian/Ubuntu: /var/log/daemon.log
Other: /var/log/messages
$ sudo ipvsadm
Connection test
Check the VIP
genhash -s 172.16.0.1 -p 80 -u /
genhash -s 172.16.0.1 -p 80 -u /
genhash -s 172.16.0.1 -p 80 -u /
...
genhash -s 172.16.0.1 -p 80 -u /
Chapter 48. heartbeat+ldirectord
Current environment
heartbeat has three main configuration files:
1. /etc/ha.d/authkeys
2. /etc/ha.d/ha.cf
3. /etc/ha.d/haresources
Procedure 48.1. Configuration steps:
1. /etc/ha.d/authkeys
auth 3
3 md5 hello
2. /etc/ha.d/ha.cf
master
logfile /var/log/ha-log
logfacility local0
keepalive 2
deadtime 30
warntime 10
initdead 120
udpport 694
auto_failback on
node master.example.org
node backup.example.org
backup
3. /etc/ha.d/haresources
4. /etc/ha.d/ldirectord.cf
checktimeout=3
checkinterval=1
autoreload=yes
logfile="/var/log/ldirectord.log"
quiescent=yes
virtual=211.100.37.164:80
real=10.10.0.7:80 gate
real=10.10.0.8:80 gate
real=10.10.0.9:80 gate
service=http
virtualhost=netkiller.8800.org
scheduler=wrr
protocol=tcp
checkport=80
...
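The authkeys file in step 1 holds the secret shared by the cluster nodes. The following is an added example, not part of the handbook: it checks an authkeys file for the selected method, key length and file mode, and writes a replacement that uses sha1 with a random key; gen_authkeys, check_authkeys and the 16-character threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the handbook; gen_authkeys and check_authkeys are hypothetical names.

# gen_authkeys FILE: write "auth 1" and "1 sha1 <random key>" with mode 600.
gen_authkeys() {
    key=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')   # 128 random bits as 32 hex chars
    ( umask 077 && printf 'auth 1\n1 sha1 %s\n' "$key" > "$1" ) || return 1
    chmod 600 "$1"
}

# check_authkeys FILE: print one finding per line; return 1 if there is any finding.
check_authkeys() {
    file=$1
    rc=0
    # The "auth N" line selects which "N method key" line is in force.
    idx=$(awk '$1 == "auth" { print $2; exit }' "$file")
    if [ -z "$idx" ]; then
        echo "no 'auth N' line"
        return 1
    fi
    method=$(awk -v i="$idx" '$1 == i { print $2; exit }' "$file")
    key=$(awk -v i="$idx" '$1 == i { print $3; exit }' "$file")
    case $method in
        sha1) ;;
        md5)  echo "method md5: sha1 is the strongest method heartbeat offers"; rc=1 ;;
        crc)  echo "method crc: integrity check only, no authentication"; rc=1 ;;
        *)    echo "unknown or missing method for key $idx"; rc=1 ;;
    esac
    # Assumed threshold: treat keys under 16 characters as guessable.
    if [ "$method" != "crc" ] && [ "${#key}" -lt 16 ]; then
        echo "key is shorter than 16 characters"; rc=1
    fi
    # authkeys holds a shared secret, so only its owner may read it.
    perms=$(ls -ld "$file" | cut -c1-10)
    if [ "$perms" != "-rw-------" ]; then
        echo "mode is $perms, expected -rw-------"; rc=1
    fi
    return $rc
}
```

Generate the file once and copy the same file to every node, since all nodes must share the key.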
debug
tail -f /var/log/ha-log
Check whether the heartbeat listener is working:
IPaddr2 Script
IPAddr2::10.10.0.1/32/0:0/10.10.0.1
Part VII. Multimedia
Contents
50. ImageMagick
install
convert
Batch conversion
resize
51. GraphicsMagick
52. How to add metadata to digital pictures from the command line
53. broadcast streaming
gnump3d - A streaming server for MP3 and OGG files
icecast2 - Ogg Vorbis and MP3 streaming media server
installation from source
shoutcast
PeerCast
54. To convert multimedia format
To convert .rm files to .mp3
encode to Macromedia Flash format
Chapter 50. ImageMagick
Contents
install
convert
Batch conversion
resize
homepage: http://www.imagemagick.org/
install
convert
Batch conversion
resize
Batch-resize images
Based on the longer side
Chapter 51. GraphicsMagick
http://www.graphicsmagick.org/
Chapter 52. How to add metadata to digital pictures from the command line
Chapter 53. broadcast streaming
Contents
1. installation
2. configure
root = /var/music
http://127.0.0.1:8888/
Procedure 53.2.
1. installation
2. configure
/etc/default/icecast2
/etc/icecast2/icecast.xml
<authentication>
<!-- Sources log in with username 'source' -->
<source-password>your-password</source-password>
<!-- Relays log in username 'relay' -->
<relay-password>your-password</relay-password>
3. starting
4. testing
http://localhost:8000/
Procedure 53.3. Configuration steps
1. Install the libraries
make;make install
Create the icecast2 user
Change the owner
netkiller@Linux-server:/usr/local/icecast$ cd ..
netkiller@Linux-server:/usr/local$ adduser icecast2
netkiller@Linux-server:/usr/local$ sudo chown icecast2.icecast2 -R icecast/
3. Run icecast
netkiller@Linux-server:/usr/local$ su icecast2
netkiller@Linux-server:/usr/local$ /usr/local/icecast/bin/icecast -b -c /usr/local/icecast/etc/icecast.xml
4. Configure icecast
Administrator / password
admin-user: administrator user name
admin-password: administrator password
icecast2@Linux-server:/usr/local/icecast$ vi etc/icecast.xml
<authentication>
<!-- Sources log in with username 'source' -->
<source-password>hackme</source-password>
<!-- Relays log in username 'relay' -->
<relay-password>hackme</relay-password>
5. Test http://netkiller.8800.org:8000/
shoutcast
shoutcast...
PeerCast
homepage: http://www.peercast.org/
Chapter 54. To convert multimedia format
mencoder input_file.rm -ovc frameno -oac mp3lame -of rawaudio -lameopts cbr:br=128 -o output_file.mp3
encode to Macromedia Flash format
Chapter 55. Voice over IP
Contents
Gnu Gatekeeper
Gnu Gatekeeper Install
Gnu Gatekeeper Configure
Gnu Gatekeeper Test
Asterisk (OpenSource Linux PBX that supports both SIP and H.323)
OpenSER SIP Server
Gnu Gatekeeper
http://www.gnugk.org/
start|stop|restart|force-reload
Start
gatekeeper.ini
[Gatekeeper::Main]
Fourtytwo=42
[GkStatus::Auth]
rule=allow
Windows XP
Start NetMeeting
Start->Run->conf
Gatekeeper settings
Part II - ohphone
For example:
netkiller
neo
Asterisk (OpenSource Linux PBX that supports both SIP and H.323)
http://www.asteriskpbx.com/
OpenSER SIP Server
Chapter 56. Open Source Distributed Computing
$ wget http://boinc.berkeley.edu/dl/boinc_5.6.4_i686-pc-linux-gnu.sh
netkiller@Linux-server:~/BOINC$
Add a computing project
Run BOINC
Installing with apt-get on Ubuntu
Install
netkiller@shenzhen:~/BOINC$ sudo apt-get install boinc-client
Copy the existing account files
netkiller@shenzhen:~/BOINC$ cp account_* /var/lib/boinc-client/
Restart
netkiller@shenzhen:~/BOINC$ /etc/init.d/boinc-client restart
rc.local
/home/neo/BOINC/run_client --daemon
Appendix A. Appendix
Contents
References
Linux download rankings
References
http://www.faqs.org/docs/Linux-HOWTO/Bash-Prog-Intro-HOWTO.html
http://xiaowang.net/bgb-cn/index.html
Linux download rankings
http://distrowatch.com/
Appendix B. History
Revision history
Revision 1.0 2007-1-12
● Start
● ubuntu linux
Revision 1.1 2007-5-10
Application (Zope)
Revision 1.2 2007-5-15
Memcached
Revision 1.3 2007-5-18
Jboss
Revision 1.4 2007-5-21
php memcache,lighttpd script
Revision 1.5 2007-5-22
rsync
Revision 1.6 2007-5-24
openfiler
Revision 1.7 2007-5-25
openfiler, php sql server
Revision 1.8 2007-5-28
openfiler, zend optimizer
Revision 1.9 2007-6-9
ip tunnel, memcached script, lighttpd script
Revision 1.10 2007-11-13
Sections rearranged, much new content added
Revision 1.11 2008-1-17
awstats, webalizer
Revision 1.12 2008-1-22
TUTOS, TRAC
Revision 1.2 2008-3-21
Sections rearranged, much new content added
Revision 1.2.1 2008-3-21
Shorewall
Revision 1.2.2 2008-6-20
FreeRADIUS
Revision 1.2.3 2008-10-7
MySQL Replication
Revision 1.2.4 2008-10-8
MySQL Cluster
Revision 1.2.5 2008-10-9
modi: Openldap
Revision 1.2.6 2008-10-21
inotify-tools
Revision 1.2.7 2008-10-31
modify rsync chapter
add csync2
Revision 1.2.8 2008-12-3
modified system chapter
Revision 1.2.9 2008-12-16
the system chapter was modified
Revision 1.2.10 2008-12-22
added loop devices
Revision 1.3.0 2009-3-10
bash
and function
Revision 1.3.1 2009-3-22
vsftpd
Revision 1.3.2 2009-4-5
Revision 1.3.2 2009-4-15
Stunnel.
Revision 1.3.3 2009-5-7
Much new content added; chapters rearranged.
Revision 1.3.4 2009-10-27
PPTPD